Bug 2207625 (AMD-SN-7005, CVE-2023-20569, RAS) - CVE-2023-20569 amd: Return Address Predictor vulnerability leading to information disclosure
Keywords:
Status: NEW
Alias: AMD-SN-7005, CVE-2023-20569, RAS
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2217875 2217876 2217877 2217878 2230151 2230378 2230379 2230381 2230382 2230383 2230384 2230385 2230386 2230388 2230390 2230391 2230392 2230393 2230394 2230395 2230396 2230397 2230406 2230407 2230408 2230409 2230410 2230411 2230412 2230413 2230414 2230415 2230416 2230417 2230418
Blocks: 2180682
Reported: 2023-05-16 11:32 UTC by Rohit Keshri
Modified: 2024-10-30 16:42 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A side channel vulnerability was found in hw amd. Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure.
Clone Of:
Environment:
Last Closed:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:0620 0 None None None 2024-01-30 17:09:46 UTC
Red Hat Product Errata RHBA-2024:0636 0 None None None 2024-01-31 18:06:05 UTC
Red Hat Product Errata RHBA-2024:0688 0 None None None 2024-02-05 17:04:23 UTC
Red Hat Product Errata RHSA-2023:6595 0 None None None 2023-11-07 08:20:49 UTC
Red Hat Product Errata RHSA-2023:7109 0 None None None 2023-11-14 15:21:55 UTC
Red Hat Product Errata RHSA-2023:7244 0 None None None 2023-11-15 17:50:16 UTC
Red Hat Product Errata RHSA-2023:7401 0 None None None 2023-11-21 11:41:02 UTC
Red Hat Product Errata RHSA-2023:7513 0 None None None 2023-11-27 16:18:20 UTC
Red Hat Product Errata RHSA-2023:7749 0 None None None 2023-12-12 17:22:25 UTC
Red Hat Product Errata RHSA-2023:7782 0 None None None 2023-12-13 15:10:47 UTC
Red Hat Product Errata RHSA-2024:0113 0 None None None 2024-01-10 10:42:47 UTC
Red Hat Product Errata RHSA-2024:0134 0 None None None 2024-01-10 10:46:22 UTC
Red Hat Product Errata RHSA-2024:0433 0 None None None 2024-01-24 15:26:07 UTC
Red Hat Product Errata RHSA-2024:0439 0 None None None 2024-01-24 16:35:56 UTC
Red Hat Product Errata RHSA-2024:0448 0 None None None 2024-01-24 16:37:46 UTC
Red Hat Product Errata RHSA-2024:0449 0 None None None 2024-01-24 16:39:51 UTC
Red Hat Product Errata RHSA-2024:0561 0 None None None 2024-01-30 12:26:18 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:30:18 UTC
Red Hat Product Errata RHSA-2024:2005 0 None None None 2024-04-23 16:37:42 UTC
Red Hat Product Errata RHSA-2024:5255 0 None None None 2024-08-13 00:26:27 UTC

Description Rohit Keshri 2023-05-16 11:32:10 UTC
A side channel attack known as ‘Inception’ or ‘RAS Poisoning’ may allow an attacker to influence branch prediction, potentially leading to information disclosure.

Refer:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html

Comment 10 Rohit Keshri 2023-08-08 19:16:12 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2230151]

Comment 31 errata-xmlrpc 2023-11-07 08:20:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6595 https://access.redhat.com/errata/RHSA-2023:6595

Comment 33 errata-xmlrpc 2023-11-14 15:21:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7109 https://access.redhat.com/errata/RHSA-2023:7109

Comment 34 errata-xmlrpc 2023-11-15 17:50:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2023:7244 https://access.redhat.com/errata/RHSA-2023:7244

Comment 35 errata-xmlrpc 2023-11-21 11:40:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7401 https://access.redhat.com/errata/RHSA-2023:7401

Comment 36 errata-xmlrpc 2023-11-27 16:18:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:7513 https://access.redhat.com/errata/RHSA-2023:7513

Comment 37 errata-xmlrpc 2023-12-12 17:22:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7749 https://access.redhat.com/errata/RHSA-2023:7749

Comment 38 errata-xmlrpc 2023-12-13 15:10:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support

Via RHSA-2023:7782 https://access.redhat.com/errata/RHSA-2023:7782

Comment 39 errata-xmlrpc 2024-01-10 10:42:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0113 https://access.redhat.com/errata/RHSA-2024:0113

Comment 40 errata-xmlrpc 2024-01-10 10:46:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0134 https://access.redhat.com/errata/RHSA-2024:0134

Comment 41 errata-xmlrpc 2024-01-24 15:26:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:0433 https://access.redhat.com/errata/RHSA-2024:0433

Comment 42 errata-xmlrpc 2024-01-24 16:35:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0439

Comment 43 errata-xmlrpc 2024-01-24 16:37:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0448 https://access.redhat.com/errata/RHSA-2024:0448

Comment 44 errata-xmlrpc 2024-01-24 16:39:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0449 https://access.redhat.com/errata/RHSA-2024:0449

Comment 45 errata-xmlrpc 2024-01-30 12:26:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0561 https://access.redhat.com/errata/RHSA-2024:0561

Comment 46 errata-xmlrpc 2024-02-07 16:30:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724

Comment 50 errata-xmlrpc 2024-04-23 16:37:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2024:2005 https://access.redhat.com/errata/RHSA-2024:2005

Comment 51 Keith Grant 2024-05-15 18:29:30 UTC
Added CVE-2023-20569 to RHBA-2023:2977 https://errata.devel.redhat.com/advisory/104817

Comment 52 errata-xmlrpc 2024-08-13 00:26:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:5255 https://access.redhat.com/errata/RHSA-2024:5255
