csaf_redhat - rhsa-2023

rhsa-2023_7244

Vulnerability from csaf_redhat

Published

2023-11-15 17:53

Modified

2024-09-13 21:17

Summary

Red Hat Security Advisory: linux-firmware security update

Notes

Topic

An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nSecurity Fix(es):\n\n* hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)\n\n* hw: amd: Cross-Process Information Leak (CVE-2023-20593)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7244",
        "url": "https://access.redhat.com/errata/RHSA-2023:7244"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2207625",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207625"
      },
      {
        "category": "external",
        "summary": "2217845",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217845"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7244.json"
      }
    ],
    "title": "Red Hat Security Advisory: linux-firmware security update",
    "tracking": {
      "current_release_date": "2024-09-13T21:17:36+00:00",
      "generator": {
        "date": "2024-09-13T21:17:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2023:7244",
      "initial_release_date": "2023-11-15T17:53:48+00:00",
      "revision_history": [
        {
          "date": "2023-11-15T17:53:48+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-15T17:53:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T21:17:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
                  "product_id": "7Server-7.7.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
                "product": {
                  "name": "iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
                  "product_id": "iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl100-firmware@39.31.5.1-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
                "product": {
                  "name": "iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
                  "product_id": "iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl1000-firmware@39.31.5.1-74.el7_7?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
                "product": {
                  "name": "iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
                  "product_id": "iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl105-firmware@18.168.6.1-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
                "product": {
                  "name": "iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
                  "product_id": "iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl135-firmware@18.168.6.1-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
                "product": {
                  "name": "iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
                  "product_id": "iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl2000-firmware@18.168.6.1-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
                "product": {
                  "name": "iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
                  "product_id": "iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl2030-firmware@18.168.6.1-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
                "product": {
                  "name": "iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
                  "product_id": "iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl3160-firmware@22.0.7.0-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
                "product": {
                  "name": "iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
                  "product_id": "iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl3945-firmware@15.32.2.9-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
                "product": {
                  "name": "iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
                  "product_id": "iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl4965-firmware@228.61.2.24-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
                "product": {
                  "name": "iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
                  "product_id": "iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl5000-firmware@8.83.5.1_1-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
                "product": {
                  "name": "iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
                  "product_id": "iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl5150-firmware@8.24.2.2-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
                "product": {
                  "name": "iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
                  "product_id": "iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl6000-firmware@9.221.4.1-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
                "product": {
                  "name": "iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
                  "product_id": "iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl6000g2a-firmware@17.168.5.3-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
                "product": {
                  "name": "iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
                  "product_id": "iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl6000g2b-firmware@17.168.5.2-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
                "product": {
                  "name": "iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
                  "product_id": "iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl6050-firmware@41.28.5.1-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
                "product": {
                  "name": "iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
                  "product_id": "iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl7260-firmware@22.0.7.0-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
                "product": {
                  "name": "iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
                  "product_id": "iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/iwl7265-firmware@22.0.7.0-74.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
                "product": {
                  "name": "linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
                  "product_id": "linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/linux-firmware@20190429-74.gitddde598.el7_7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "linux-firmware-0:20190429-74.gitddde598.el7_7.src",
                "product": {
                  "name": "linux-firmware-0:20190429-74.gitddde598.el7_7.src",
                  "product_id": "linux-firmware-0:20190429-74.gitddde598.el7_7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/linux-firmware@20190429-74.gitddde598.el7_7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl100-firmware-0:39.31.5.1-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl100-firmware-0:39.31.5.1-74.el7_7.noarch"
        },
        "product_reference": "iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch"
        },
        "product_reference": "iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl105-firmware-0:18.168.6.1-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl105-firmware-0:18.168.6.1-74.el7_7.noarch"
        },
        "product_reference": "iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl135-firmware-0:18.168.6.1-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl135-firmware-0:18.168.6.1-74.el7_7.noarch"
        },
        "product_reference": "iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch"
        },
        "product_reference": "iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch"
        },
        "product_reference": "iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch"
        },
        "product_reference": "iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch"
        },
        "product_reference": "iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch"
        },
        "product_reference": "iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch"
        },
        "product_reference": "iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch"
        },
        "product_reference": "iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch"
        },
        "product_reference": "iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch"
        },
        "product_reference": "iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch"
        },
        "product_reference": "iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch"
        },
        "product_reference": "iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch"
        },
        "product_reference": "iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch"
        },
        "product_reference": "iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-firmware-0:20190429-74.gitddde598.el7_7.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.noarch"
        },
        "product_reference": "linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
        "relates_to_product_reference": "7Server-7.7.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-firmware-0:20190429-74.gitddde598.el7_7.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
          "product_id": "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.src"
        },
        "product_reference": "linux-firmware-0:20190429-74.gitddde598.el7_7.src",
        "relates_to_product_reference": "7Server-7.7.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Johannes Wikner",
            "Dani\u00ebl Trujillo",
            "Kaveh Razavi"
          ],
          "organization": "ETH Zurich"
        }
      ],
      "cve": "CVE-2023-20569",
      "discovery_date": "2023-05-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2207625"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A side channel vulnerability was found in hw amd. Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "amd: Return Address Predictor vulnerability leading to information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7.AUS:iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
          "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
          "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-20569"
        },
        {
          "category": "external",
          "summary": "RHBZ#2207625",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207625"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20569",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20569"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/7049120",
          "url": "https://access.redhat.com/solutions/7049120"
        },
        {
          "category": "external",
          "summary": "https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf",
          "url": "https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf"
        },
        {
          "category": "external",
          "summary": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html",
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html"
        }
      ],
      "release_date": "2023-08-08T11:25:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7.AUS:iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.src"
          ],
          "restart_required": {
            "category": "machine"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7244"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.7.AUS:iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.7.AUS:iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "amd: Return Address Predictor vulnerability leading to information disclosure"
    },
    {
      "cve": "CVE-2023-20593",
      "cwe": {
        "id": "CWE-1239",
        "name": "Improper Zeroization of Hardware Register"
      },
      "discovery_date": "2023-05-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2217845"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in hw, in \u201cZen 2\u201d CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: amd: Cross-Process Information Leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-7.7.AUS:iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
          "7Server-7.7.AUS:iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
          "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
          "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-20593"
        },
        {
          "category": "external",
          "summary": "RHBZ#2217845",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217845"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20593",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20593",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20593"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=522b1d69219d8f083173819fde04f994aa051a98",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=522b1d69219d8f083173819fde04f994aa051a98"
        },
        {
          "category": "external",
          "summary": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html",
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html"
        }
      ],
      "release_date": "2023-07-25T06:30:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-7.7.AUS:iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.src"
          ],
          "restart_required": {
            "category": "machine"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7244"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-7.7.AUS:iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-7.7.AUS:iwl100-firmware-0:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl1000-firmware-1:39.31.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl105-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl135-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2000-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl2030-firmware-0:18.168.6.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3160-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl3945-firmware-0:15.32.2.9-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl4965-firmware-0:228.61.2.24-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5000-firmware-0:8.83.5.1_1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl5150-firmware-0:8.24.2.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000-firmware-0:9.221.4.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2a-firmware-0:17.168.5.3-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6000g2b-firmware-0:17.168.5.2-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl6050-firmware-0:41.28.5.1-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7260-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:iwl7265-firmware-0:22.0.7.0-74.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.noarch",
            "7Server-7.7.AUS:linux-firmware-0:20190429-74.gitddde598.el7_7.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hw: amd: Cross-Process Information Leak"
    }
  ]
}

cve-2023-20593

Vulnerability from cvelistv5

Published

2023-07-24 19:38

Modified

2024-08-02 09:05

Severity

Summary

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

References

URL	Tags
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008	vendor-advisory
http://xenbits.xen.org/xsa/advisory-433.html
http://www.openwall.com/lists/oss-security/2023/07/24/3
http://seclists.org/fulldisclosure/2023/Jul/43
http://www.openwall.com/lists/oss-security/2023/07/25/5
http://www.openwall.com/lists/oss-security/2023/07/25/6
http://www.openwall.com/lists/oss-security/2023/07/25/1
http://www.openwall.com/lists/oss-security/2023/07/25/13
http://www.openwall.com/lists/oss-security/2023/07/25/17
http://www.openwall.com/lists/oss-security/2023/07/25/12
http://www.openwall.com/lists/oss-security/2023/07/25/16
http://www.openwall.com/lists/oss-security/2023/07/25/14
http://www.openwall.com/lists/oss-security/2023/07/25/15
http://www.openwall.com/lists/oss-security/2023/07/26/1
https://cmpxchg8b.com/zenbleed.html
https://www.debian.org/security/2023/dsa-5459
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
https://www.debian.org/security/2023/dsa-5462
https://www.debian.org/security/2023/dsa-5461
https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html
http://www.openwall.com/lists/oss-security/2023/07/31/2
https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/
http://www.openwall.com/lists/oss-security/2023/08/08/7
http://www.openwall.com/lists/oss-security/2023/08/08/8
http://www.openwall.com/lists/oss-security/2023/08/08/6
http://www.openwall.com/lists/oss-security/2023/08/16/4
http://www.openwall.com/lists/oss-security/2023/08/16/5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/
http://www.openwall.com/lists/oss-security/2023/09/22/9
http://www.openwall.com/lists/oss-security/2023/09/22/11
http://www.openwall.com/lists/oss-security/2023/09/25/4
http://www.openwall.com/lists/oss-security/2023/09/25/7
https://security.netapp.com/advisory/ntap-20240531-0004/

Impacted products

Vendor	Product
AMD	Ryzen™ 3000 Series Desktop Processors “Matisse” AM4
AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3
AMD	Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Lucienne”
AMD	Ryzen™ 4000 Series Mobile processors with Radeon™ Graphics “Renoir”
AMD	Ryzen™ 7020 Series processors “Mendocino” FT6
AMD	2nd Gen AMD EPYC™ Processors

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-433.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/24/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/26/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cmpxchg8b.com/zenbleed.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5459"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5462"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5461"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/31/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/16/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/16/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240531-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile processors with Radeon\u2122 Graphics \u201cRenoir\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7020 Series processors \u201cMendocino\u201d FT6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "\u00b5code / AGESA\u2122 firmware",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-07-24T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eAn issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\u003c/span\u003e\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nAn issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-24T19:39:41.259Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-433.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/24/3"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/13"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/17"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/12"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/16"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/14"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/15"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/26/1"
        },
        {
          "url": "https://cmpxchg8b.com/zenbleed.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5459"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5462"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5461"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/31/2"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/7"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/16/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/16/5"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240531-0004/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7008",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20593",
    "datePublished": "2023-07-24T19:38:43.385Z",
    "dateReserved": "2022-10-27T18:53:39.762Z",
    "dateUpdated": "2024-08-02T09:05:45.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20569

Vulnerability from cvelistv5

Published

2023-08-08 17:02

Modified

2024-08-02 09:05

Severity

Summary

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

References

URL	Tags
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005	vendor-advisory
http://xenbits.xen.org/xsa/advisory-434.html
http://www.openwall.com/lists/oss-security/2023/08/08/4
https://comsec.ethz.ch/research/microarch/inception/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/
https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html
https://www.debian.org/security/2023/dsa-5475
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/
https://security.netapp.com/advisory/ntap-20240605-0006/

Impacted products

Vendor	Product
AMD	Ryzen™ 3000 Series Desktop Processors
AMD	Ryzen™ PRO 3000 Series Desktop Processors
AMD	Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics
AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD	Ryzen™ PRO 4000 Series Desktop Processors
AMD	Ryzen™ 5000 Series Desktop Processors
AMD	Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics
	Ryzen™ PRO 5000 Series Desktop Processors
AMD	Ryzen™ Threadripper™ 2000 Series Processors
AMD	Ryzen™ Threadripper™ 5000 Series Processors
AMD	Ryzen™ Threadripper™ 3000 Series Processors
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD	Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD	Ryzen™ PRO 5000 Series Processors
AMD	Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD	Ryzen™ PRO 6000 Series Processors
AMD	Ryzen™ 7040 Series Processors with Radeon™ Graphics
AMD	Ryzen™ 7000 Series Processors
AMD	Ryzen™ 7000 Series Processors with Radeon™ Graphics
AMD	1st Gen AMD EPYC™ Processors
AMD	2nd Gen AMD EPYC™ Processors
AMD	3rd Gen AMD EPYC™ Processors
AMD	4th Gen AMD EPYC™ Processors

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-434.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://comsec.ethz.ch/research/microarch/inception/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5475"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
          "vendor": " ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 6000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": " 1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122  Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "4th Gen AMD EPYC\u2122  Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA side channel vulnerability on some \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eof the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMD CPUs may allow an attacker to influence \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereturn address prediction\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. This may\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e result in speculative execution at an attacker-controlled\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eaddress\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, potentially leading to information disclosure.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:02:11.318Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-434.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
        },
        {
          "url": "https://comsec.ethz.ch/research/microarch/inception/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5475"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7005",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20569",
    "datePublished": "2023-08-08T17:02:11.318Z",
    "dateReserved": "2022-10-27T18:53:39.754Z",
    "dateUpdated": "2024-08-02T09:05:36.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2023_7244

Vulnerability from csaf_redhat

cve-2023-20593

Vulnerability from cvelistv5

cve-2023-20569

Vulnerability from cvelistv5

Tags