AMD CPU vulnerable to Inception data-leak attacks - 20230815002¶
Overview¶
The WA SOC has observed a side channel vulnerability in AMD CPUs, which may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure. This vulnerability is only potentially exploitable locally, such as via downloaded malware.
What is the vulnerability?¶
CVE-2023-20569 - CVSS v3 Base Score: N/A
What is vulnerable?¶
The vulnerability affects the AMD's entire CPU lineup going back to 2017 as follows, including its latest Zen 4 Epyc and Ryzen processors;
- Datacenter
- Desktop
- High End Desktop (HEDT)
- Workstation
- Mobile – AMD Ryzen™ Series
- Mobile – AMD Athlon™ Series
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):