CVE-2023-20588: vulnerability analysis and mitigation

Overview

CVE-2023-20588 is a vulnerability discovered in AMD processors with Zen1 microarchitecture where a division-by-zero error can potentially return speculative data, leading to loss of confidentiality. The vulnerability was identified in August 2023 and affects AMD Zen1 processors, including Datacenter AMD EPYC 7001 Processors (AMD Bulletin).

Technical details

The vulnerability exists in the Zen1 microarchitecture, where a single divider in the pipeline services uops from both SMT threads of a core. When a division-by-zero (#DE) exception occurs, the latched result of the most recently executed DIV instruction is forwarded speculatively instead of being discarded. This creates a covert channel that lets two threads communicate without system calls, and it allows userspace to obtain the result of the most recent DIV instruction executed (even speculatively) on the core, which may have come from a higher-privilege context. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

Impact

An attacker might be able to infer data from a different execution context on the same CPU core, potentially leading to information disclosure of sensitive data. This vulnerability is particularly concerning in cloud environments where AMD EPYC 7001 series processors are used, such as in AWS T3a instances (Xen Advisory).

Mitigation and workarounds

The primary mitigation consists of kernel and hypervisor patches that overwrite the stale value held in the divider on the return-to-guest path. However, the fix is only fully effective when SMT (Simultaneous Multi-Threading) is disabled, because a sibling thread can still observe the divider while the other thread is executing. The Linux kernel implemented its fix by performing an innocuous division on every exit to userspace, so that no old kernel-space quotient remains to be leaked. For the Xen hypervisor, system administrators are required to risk-assess their workload and choose whether to enable or disable SMT (Xen Advisory).
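A host check in the spirit of that advice, added here as an example and not part of the original report or of the kernel's own code: it assumes the `div0` entry the Linux fix adds to the `bugs` line of /proc/cpuinfo and the SMT state exposed in /sys/devices/system/cpu/smt/control, and flags an affected host where SMT is still on as only partially mitigated.

```python
"""Assess CVE-2023-20588 exposure from /proc/cpuinfo and the sysfs SMT control.

Assumptions (not from the original report): a patched Linux kernel lists
'div0' in the 'bugs' line of affected Zen1 parts, and the kernel patch alone is
incomplete while SMT is enabled.
"""

SMT_CONTROL = "/sys/devices/system/cpu/smt/control"

# Constructed sample of the first processor block of /proc/cpuinfo on a
# patched Zen1 host (values are illustrative, not captured from real hardware).
SAMPLE_ZEN1 = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 1
model name\t: AMD EPYC 7001-class (constructed sample)
bugs\t\t: sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass div0

processor\t: 1
"""


def parse_cpuinfo(text):
    """Return (vendor_id, cpu family, set of bug flags) from the first CPU block."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            break  # blank line ends the first processor block
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    family = int(fields.get("cpu family", "0") or 0)
    return fields.get("vendor_id", ""), family, set(fields.get("bugs", "").split())


def assess(cpuinfo_text, smt_control):
    """Classify exposure; residual_risk is True when the kernel fix cannot be complete."""
    vendor, family, bugs = parse_cpuinfo(cpuinfo_text)
    # 'notsupported' means the CPU has no SMT siblings, so no cross-thread observer.
    smt_off = smt_control.strip() in ("off", "forceoff", "notsupported")
    if "div0" in bugs:
        status = "affected"
    elif vendor == "AuthenticAMD" and family == 0x17:
        # Family 17h spans Zen1 and Zen2; without the kernel flag we cannot tell,
        # and a kernel that predates the fix would not report 'div0' at all.
        status = "possibly affected (family 17h, no div0 flag; kernel may predate the fix)"
    else:
        status = "not affected"
    return {"status": status, "smt_off": smt_off,
            "residual_risk": status != "not affected" and not smt_off}


if __name__ == "__main__":
    with open("/proc/cpuinfo") as f, open(SMT_CONTROL) as g:
        print(assess(f.read(), g.read()))
```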

Community reactions

The vulnerability has received significant attention in the virtualization community, particularly among Xen users. Security researchers have noted that the vulnerability is especially concerning for cloud environments using AMD Zen1 processors. AMD has acknowledged the issue but has not expressed plans to provide a microcode fix (Openwall Discussion).
