CVE Vulnerabilities

CVE-2023-20592

Published: Nov 14, 2023 | Modified: Nov 28, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
5.3 MODERATE
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
Ubuntu
MEDIUM

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

Affected Software

Name Vendor Start Version End Version
Epyc_7001_firmware Amd - (including) - (including)
Red Hat Enterprise Linux 7 RedHat linux-firmware-0:20200421-82.git78c0348.el7_9 *
Red Hat Enterprise Linux 7.6 Advanced Update Support RedHat linux-firmware-0:20180911-69.3.git85c5d90.el7_6 *
Red Hat Enterprise Linux 7.7 Advanced Update Support RedHat linux-firmware-0:20190429-75.gitddde598.el7_7 *
Red Hat Enterprise Linux 8 RedHat linux-firmware-0:20240111-121.gitb3132c18.el8 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat linux-firmware-0:20240419-102.git055dfa8e.el8_2 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat linux-firmware-0:20220210-114.git6342082c.el8_6 *
Amd64-microcode Ubuntu bionic *
Amd64-microcode Ubuntu esm-infra-legacy/trusty *
Amd64-microcode Ubuntu trusty *
Amd64-microcode Ubuntu trusty/esm *
Amd64-microcode Ubuntu xenial *

References