CVE-2023-20575

Description

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

AMD / 1st Gen AMD EPYC™ Processorsvarious – various
AMD / 2nd Gen AMD EPYC™ Processorsvarious – various
AMD / 3rd Gen AMD EPYC™ Processorsvarious – various
AMD / 4th Gen AMD EPYC™ ProcessorsVarious – Various

References

MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004