CVE-2023-20569
CVE-2023-20569
In short
A flaw in certain AMD processors allows attackers to manipulate how the CPU predicts where to return after function calls, causing it to speculatively execute code at attacker-chosen addresses and potentially leak sensitive information.
Technical detail
A side-channel vulnerability in AMD CPU branch prediction mechanisms enables an attacker to influence return address prediction without elevated privileges, inducing speculative execution at attacker-controlled addresses. This can lead to information disclosure through speculative execution side channels, particularly affecting processes running on the same physical core.
Summary generated and translated by AI from the official description.
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Affected products
Ryzen™ PRO 5000 Series Desktop ProcessorsAMD · 1st Gen AMD EPYC™ ProcessorsAMD · 2nd Gen AMD EPYC™ ProcessorsAMD · 3rd Gen AMD EPYC™ ProcessorsAMD · 4th Gen AMD EPYC™ ProcessorsAMD · Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD · Athlon™ 3000 Series Processors with Radeon™ GraphicsAMD · Athlon™ PRO 3000 Series Processors with Radeon™ Vega GraphicsAMD · Ryzen™ 3000 Series Desktop ProcessorsAMD · Ryzen™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD · Ryzen™ 4000 Series Desktop Processors with Radeon™ GraphicsAMD · Ryzen™ 5000 Series Desktop ProcessorsAMD · Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsAMD · Ryzen™ 5000 Series Processors with Radeon™ GraphicsAMD · Ryzen™ 6000 Series Processors with Radeon™ GraphicsAMD · Ryzen™ 7000 Series ProcessorsAMD · Ryzen™ 7000 Series Processors with Radeon™ GraphicsAMD · Ryzen™ 7040 Series Processors with Radeon™ GraphicsAMD · Ryzen™ PRO 3000 Series Desktop ProcessorsAMD · Ryzen™ PRO 3000 Series Processors with Radeon™ Vega GraphicsAMD · Ryzen™ PRO 4000 Series Desktop ProcessorsAMD · Ryzen™ PRO 5000 Series ProcessorsAMD · Ryzen™ PRO 6000 Series ProcessorsAMD · Ryzen™ Threadripper™ 2000 Series ProcessorsAMD · Ryzen™ Threadripper™ 3000 Series ProcessorsAMD · Ryzen™ Threadripper™ 5000 Series ProcessorsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://comsec.ethz.ch/research/microarch/inception/https://lists.debian.org/debian-lts-announce/2023/08/msg00013.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/https://security.netapp.com/advisory/ntap-20240605-0006/https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.htmlhttps://www.debian.org/security/2023/dsa-5475http://www.openwall.com/lists/oss-security/2023/08/08/4http://xenbits.xen.org/xsa/advisory-434.html