CVE-2023-20593

Name of the Vulnerable Software and Affected Versions AMD Zen 2 processors (affected versions not specified)

Description The issue in AMD Zen 2 processors, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. This is due to a use-after-free vulnerability, which can be exploited to track the contents of registers during the execution of other processes on the same CPU core. Researchers have found that 62% of AWS environments are potentially vulnerable to this issue, and it may affect various AMD Ryzen processors. The vulnerability can be used to steal confidential data, such as passwords and encryption keys.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. However, AMD has begun releasing microcode updates, and clients are recommended to apply AGESA firmware fixes. As a temporary workaround, consider disabling or restricting the use of vulnerable components until a patch is available. Additionally, users can apply kernel-side mitigations to protect themselves until AMD releases fixed microcode updates for all affected CPUs.