PT-2023-4289 · Intel+2 · Intel Processors+1

Andreas Kogler +8 · Published 2023-08-01 · Updated 2023-08-15 · CVE-2023-20583

CVSS v3.1: 4.7 Medium

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

AMD processors (affected versions not specified)
ARM processors (affected versions not specified)
Intel processors (affected versions not specified)

Description

A potential power side-channel vulnerability may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time, potentially resulting in a leak of sensitive information. The vulnerability, known as Collide+Power, can be exploited to obtain confidential data, such as passwords or encryption keys. It is estimated that almost all modern processors are affected, including those from AMD, ARM, and Intel. However, the vulnerability is considered difficult to exploit, and the speed of data leakage is relatively low, making it unlikely to be used for attacks on end-users. The vulnerability can be used to enhance other software side-channel attacks, such as PLATYPUS and Hertzbleed.

Recommendations

As a temporary workaround, consider disabling the performance enhancement features in affected processors to minimize the risk of exploitation. Restrict access to sensitive data and confidential information to prevent potential leaks. Avoid using vulnerable processors for sensitive applications until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2023-04607
CVE-2023-20583

Affected Products

AMD Processors
Intel Processors