Lucene search

Redhat.comRH:CVE-2023-20583

HistoryAug 22, 2023 - 5:49 p.m.

CVE-2023-20583

2023-08-2217:49:59

redhat.com

access.redhat.com

amd

processor

side-channel

vulnerability

power consumption

cache line

sensitive information

cve-2023-20583

mitigation

hw vendor

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

9.0%

JSON

A power side-channel vulnerability was found in AMD processors. This issue may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time, resulting in a sensitive information leak.

Mitigation

Please contact HW vendor for more update on this CVE

References

bugzilla.redhat.com/show_bug.cgi?id=2228322

nvd.nist.gov/vuln/detail/CVE-2023-20583

www.amd.com/en/resources/product-security/bulletin/amd-sb

www.amd.com/en/resources/product-security/bulletin/amd-sb-7006.html

www.cve.org/CVERecord?id=CVE-2023-20583

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for RH:CVE-2023-20583