Skip to main content

Xen CVE-2023-20593

MEDIUM
Error Message Information Leak (CWE-209)
2023-07-24 psirt@amd.com
Information Disclosure Xen Debian Linux Ryzen 3 3100 Firmware Ryzen 3 3300X Firmware Ryzen 5 3500 Firmware Ryzen 5 3500X Firmware Ryzen 5 3600 Firmware Ryzen 5 3600X Firmware Ryzen 5 3600Xt Firmware Ryzen 7 3700X Firmware Ryzen 7 3800X Firmware Ryzen 7 3800Xt Firmware Ryzen 9 3900 Firmware Ryzen 9 3900X Firmware Ryzen 9 3900Xt Firmware Ryzen 9 3950X Firmware Ryzen 9 Pro 3900 Firmware Ryzen Threadripper Pro 3995Wx Firmware Ryzen Threadripper Pro 3975Wx Firmware Ryzen Threadripper Pro 3955Wx Firmware Ryzen Threadripper Pro 3945Wx Firmware Ryzen Threadripper 3990X Firmware Ryzen Threadripper 3970X Firmware Ryzen Threadripper 3960X Firmware Ryzen 7 4700G Firmware Ryzen 7 4700Ge Firmware Ryzen 5 4600G Firmware Ryzen 5 4600Ge Firmware Ryzen 3 4300G Firmware Ryzen 3 4300Ge Firmware Ryzen 3 Pro 4450U Firmware Ryzen 3 Pro 4350Ge Firmware Ryzen 3 Pro 4350G Firmware Ryzen 3 Pro 4200G Firmware Ryzen 5 Pro 4650Ge Firmware Ryzen 5 Pro 4650G Firmware Ryzen 5 Pro 4400G Firmware Ryzen 7 Pro 4750U Firmware Ryzen 7 Pro 4750Ge Firmware Ryzen 7 Pro 4750G Firmware Ryzen 7 5700U Firmware Ryzen 5 5500U Firmware Ryzen 3 5300U Firmware Ryzen 5 7520U Firmware Ryzen 3 7320U Firmware Athlon Gold 7220U Firmware Epyc 7232P Firmware Epyc 7302P Firmware Epyc 7402P Firmware Epyc 7502P Firmware Epyc 7702P Firmware Epyc 7252 Firmware Epyc 7262 Firmware Epyc 7272 Firmware Epyc 7282 Firmware Epyc 7302 Firmware Epyc 7352 Firmware Epyc 7402 Firmware Epyc 7452 Firmware Epyc 7502 Firmware Epyc 7532 Firmware Epyc 7542 Firmware Epyc 7552 Firmware Epyc 7642 Firmware Epyc 7662 Firmware Epyc 7702 Firmware Epyc 7742 Firmware Epyc 7H12 Firmware Epyc 7F32 Firmware Epyc 7F52 Firmware Epyc 7F72 Firmware
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 24, 2023 - 20:15 nvd
MEDIUM 5.5

DescriptionNVD

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

AnalysisAI

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-209. An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Affected products include: Xen, Debian Debian Linux, Amd Ryzen 3 3100 Firmware, Amd Ryzen 3 3300X Firmware, Amd Ryzen 5 3500 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Xen

View all
CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2015-3456 HIGH POC
7.7 May 13

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a

CVE-2018-8897 HIGH POC
7.8 May 08

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) wa

CVE-2022-4949 HIGH POC
8.8 Jun 07

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aj

CVE-2017-15595 HIGH POC
8.8 Oct 18

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recu

CVE-2017-7228 HIGH POC
8.2 Apr 04

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. Rated

CVE-2015-5165 CRITICAL
9.3 Aug 12

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows

CVE-2015-8550 HIGH
8.2 Apr 14

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (hos

CVE-2022-26364 MEDIUM POC
6.7 Jun 09

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text exp

CVE-2017-10918 CRITICAL
10.0 Jul 05

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obt

CVE-2017-10912 CRITICAL
10.0 Jul 05

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217

CVE-2017-10921 CRITICAL
10.0 Jul 05

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_h

Share

CVE-2023-20593 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy