CVE-2023-20569
CVE-2023-20569
Em resumo
Uma falha em certos processadores AMD permite que atacantes manipulem como o processador prevê para onde retornar após chamadas de função, fazendo-o executar especulativamente código em endereços escolhidos pelo atacante e potencialmente vazando informações sensíveis.
Detalhe técnico
Uma vulnerabilidade de side-channel no mecanismo de previsão de branch em CPUs AMD permite a um atacante influenciar a previsão de endereço de retorno sem privilégios elevados, induzindo execução especulativa em endereços controlados pelo atacante. Isso pode levar a vazamento de informações através de side-channels de execução especulativa, particularmente afetando processos executados no mesmo núcleo físico.
Resumo gerado e traduzido por IA a partir da descrição oficial.
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Produtos afetados
Ryzen™ PRO 5000 Series Desktop ProcessorsAMD · 1st Gen AMD EPYC™ ProcessorsAMD · 2nd Gen AMD EPYC™ ProcessorsAMD · 3rd Gen AMD EPYC™ ProcessorsAMD · 4th Gen AMD EPYC™ ProcessorsAMD · Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD · Athlon™ 3000 Series Processors with Radeon™ GraphicsAMD · Athlon™ PRO 3000 Series Processors with Radeon™ Vega GraphicsAMD · Ryzen™ 3000 Series Desktop ProcessorsAMD · Ryzen™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD · Ryzen™ 4000 Series Desktop Processors with Radeon™ GraphicsAMD · Ryzen™ 5000 Series Desktop ProcessorsAMD · Ryzen™ 5000 Series Desktop Processors with Radeon™ GraphicsAMD · Ryzen™ 5000 Series Processors with Radeon™ GraphicsAMD · Ryzen™ 6000 Series Processors with Radeon™ GraphicsAMD · Ryzen™ 7000 Series ProcessorsAMD · Ryzen™ 7000 Series Processors with Radeon™ GraphicsAMD · Ryzen™ 7040 Series Processors with Radeon™ GraphicsAMD · Ryzen™ PRO 3000 Series Desktop ProcessorsAMD · Ryzen™ PRO 3000 Series Processors with Radeon™ Vega GraphicsAMD · Ryzen™ PRO 4000 Series Desktop ProcessorsAMD · Ryzen™ PRO 5000 Series ProcessorsAMD · Ryzen™ PRO 6000 Series ProcessorsAMD · Ryzen™ Threadripper™ 2000 Series ProcessorsAMD · Ryzen™ Threadripper™ 3000 Series ProcessorsAMD · Ryzen™ Threadripper™ 5000 Series ProcessorsQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://comsec.ethz.ch/research/microarch/inception/https://lists.debian.org/debian-lts-announce/2023/08/msg00013.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/https://security.netapp.com/advisory/ntap-20240605-0006/https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.htmlhttps://www.debian.org/security/2023/dsa-5475http://www.openwall.com/lists/oss-security/2023/08/08/4http://xenbits.xen.org/xsa/advisory-434.html