CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
35.1%
Issue Overview:
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. (CVE-2023-20593)
Affected Packages:
linux-firmware
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update linux-firmware to update your system.
New Packages:
noarch:
linux-firmware-20200421-81.git78c0348.amzn2.noarch
iwl100-firmware-39.31.5.1-81.amzn2.noarch
iwl105-firmware-18.168.6.1-81.amzn2.noarch
iwl135-firmware-18.168.6.1-81.amzn2.noarch
iwl1000-firmware-39.31.5.1-81.amzn2.noarch
iwl2000-firmware-18.168.6.1-81.amzn2.noarch
iwl2030-firmware-18.168.6.1-81.amzn2.noarch
iwl3160-firmware-25.30.13.0-81.amzn2.noarch
iwl3945-firmware-15.32.2.9-81.amzn2.noarch
iwl4965-firmware-228.61.2.24-81.amzn2.noarch
iwl5000-firmware-8.83.5.1_1-81.amzn2.noarch
iwl5150-firmware-8.24.2.2-81.amzn2.noarch
iwl6000-firmware-9.221.4.1-81.amzn2.noarch
iwl6000g2a-firmware-18.168.6.1-81.amzn2.noarch
iwl6000g2b-firmware-18.168.6.1-81.amzn2.noarch
iwl6050-firmware-41.28.5.1-81.amzn2.noarch
iwl7260-firmware-25.30.13.0-81.amzn2.noarch
src:
linux-firmware-20200421-81.git78c0348.amzn2.src
Red Hat: CVE-2023-20593
Mitre: CVE-2023-20593