Sign-up

ID

VAR-202311-1187


CVE

CVE-2023-20592


TITLE

AMD CPU Instruction Misconception

Trust: 0.6

sources: CNVD: CNVD-2025-29751

DESCRIPTION

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. AMD CPUs are a series of CPUs from AMD Inc. AMD CPUs contain a misguided instruction vulnerability. The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0753.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. - Packet Storm Staff ==================================================================== Red Hat Security Advisory Synopsis: Moderate: linux-firmware security update Advisory ID: RHSA-2024:0753-03 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2024:0753 Issue date: 2024-02-09 Revision: 03 CVE Names: CVE-2023-20592 ==================================================================== Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * (RCVE-2023-20592) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: https://access.redhat.com/articles/11258 CVEs: CVE-2023-20592 References: https://access.redhat.com/security/updates/classification/#moderate https://bugzilla.redhat.com/show_bug.cgi?id=2244590

Trust: 1.8

sources: NVD: CVE-2023-20592 // CNVD: CNVD-2025-29751 // VULMON: CVE-2023-20592 // PACKETSTORM: 177057 // PACKETSTORM: 177305 // PACKETSTORM: 177304

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-29751

AFFECTED PRODUCTS

vendor:amdmodel:epyc 7402pscope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7f32scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7281scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7f52scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7601scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7282scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7h12scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7643pscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7532scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 75f3scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 73f3scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7313pscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7502pscope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7313scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7401pscope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 74f3scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7252scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7552scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7443scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7303scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7502scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7303pscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7551scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7413scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7262scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7373xscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7351scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7542scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7302scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7473xscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7551pscope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7663scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 72f3scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7272scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7203pscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7662scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7251scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7402scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7302pscope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7713pscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7643scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7452scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7713scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7642scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7501scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7351pscope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7371scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7763scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7451scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7513scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7261scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7f72scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7453scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7443pscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7343scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7702scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7203scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7401scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7742scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7001scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7773xscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7573xscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7352scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7663pscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7543scope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:epyc 7232pscope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7301scope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7702pscope:eqversion: -

Trust: 1.0

vendor:amdmodel:epyc 7543pscope:ltversion:milanpi_1.0.0.c

Trust: 1.0

vendor:amdmodel:cpuscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-29751 // NVD: CVE-2023-20592

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20592
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-29751
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-29751
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-20592
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-29751 // NVD: CVE-2023-20592

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2023-20592

PATCH

title:Patch for AMD CPU Instruction Misconceptionurl:https://www.cnvd.org.cn/patchInfo/show/777111

Trust: 0.6

title: - url:https://github.com/cispa/CacheWarp

Trust: 0.1

sources: CNVD: CNVD-2025-29751 // VULMON: CVE-2023-20592

EXTERNAL IDS

db:NVDid:CVE-2023-20592

Trust: 2.0

db:CNVDid:CNVD-2025-29751

Trust: 0.6

db:VULMONid:CVE-2023-20592

Trust: 0.1

db:PACKETSTORMid:177057

Trust: 0.1

db:PACKETSTORMid:177305

Trust: 0.1

db:PACKETSTORMid:177304

Trust: 0.1

sources: CNVD: CNVD-2025-29751 // VULMON: CVE-2023-20592 // PACKETSTORM: 177057 // PACKETSTORM: 177305 // PACKETSTORM: 177304 // NVD: CVE-2023-20592

REFERENCES

url:https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-3005

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-20592

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=2244590

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://github.com/cispa/cachewarp

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:0753

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0753.json

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:0979

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0979.json

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2024:0978

Trust: 0.1

url:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0978.json

Trust: 0.1

sources: CNVD: CNVD-2025-29751 // VULMON: CVE-2023-20592 // PACKETSTORM: 177057 // PACKETSTORM: 177305 // PACKETSTORM: 177304 // NVD: CVE-2023-20592

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 177057 // PACKETSTORM: 177305 // PACKETSTORM: 177304

SOURCES

db:CNVDid:CNVD-2025-29751
db:VULMONid:CVE-2023-20592
db:PACKETSTORMid:177057
db:PACKETSTORMid:177305
db:PACKETSTORMid:177304
db:NVDid:CVE-2023-20592

LAST UPDATE DATE

2025-12-19T22:58:13.256000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-29751date:2025-12-03T00:00:00
db:VULMONid:CVE-2023-20592date:2023-11-14T00:00:00
db:NVDid:CVE-2023-20592date:2023-11-28T18:04:11.733

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-29751date:2025-12-03T00:00:00
db:VULMONid:CVE-2023-20592date:2023-11-14T00:00:00
db:PACKETSTORMid:177057date:2024-02-09T16:35:56
db:PACKETSTORMid:177305date:2024-02-27T14:57:53
db:PACKETSTORMid:177304date:2024-02-27T14:57:45
db:NVDid:CVE-2023-20592date:2023-11-14T19:15:16.030