CVE-2023-20592

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AMDCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
amdepyc_7001_firmware
-
amdepyc_7251_firmware
-
amdepyc_7261_firmware
-
amdepyc_7281_firmware
-
amdepyc_7301_firmware
-
amdepyc_7351_firmware
-
amdepyc_7351p_firmware
-
amdepyc_7371_firmware
-
amdepyc_7401_firmware
-
amdepyc_7401p_firmware
-
amdepyc_7451_firmware
-
amdepyc_7501_firmware
-
amdepyc_7551_firmware
-
amdepyc_7551p_firmware
-
amdepyc_7601_firmware
-
amdepyc_7232p_firmware
-
amdepyc_7252_firmware
-
amdepyc_7262_firmware
-
amdepyc_7272_firmware
-
amdepyc_7282_firmware
-
amdepyc_7302_firmware
-
amdepyc_7302p_firmware
-
amdepyc_7352_firmware
-
amdepyc_7402_firmware
-
amdepyc_7402p_firmware
-
amdepyc_7452_firmware
-
amdepyc_7502_firmware
-
amdepyc_7502p_firmware
-
amdepyc_7532_firmware
-
amdepyc_7542_firmware
-
amdepyc_7552_firmware
-
amdepyc_7642_firmware
-
amdepyc_7662_firmware
-
amdepyc_7702_firmware
-
amdepyc_7702p_firmware
-
amdepyc_7742_firmware
-
amdepyc_7f32_firmware
-
amdepyc_7f52_firmware
-
amdepyc_7f72_firmware
-
amdepyc_7h12_firmware
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
amd64-microcode
bullseye/non-free
3.20240820.1~deb11u1
fixed
bullseye/non-free (security)
3.20230719.1~deb11u1
fixed
bookworm/non-free-firmware
3.20240820.1~deb12u1
fixed
bookworm/non-free-firmware (security)
3.20230719.1~deb12u1
fixed
sid/non-free-firmware
3.20240820.1
fixed
trixie/non-free-firmware
3.20240820.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
amd64-microcode
mantic
not-affected
lunar
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
ignored
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005