Improper restriction of software interfaces to hardware features in AMD CPU Firmware

#VU78861 Improper restriction of software interfaces to hardware features in AMD CPU Firmware

Published: 2023-08-02

Vulnerability identifier: #VU78861

Vulnerability risk: Low

CVSSv3.1: 2.6 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-20583

CWE-ID: CWE-1256

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
AMD CPU Firmware
Hardware solutions / Firmware

Vendor: AMD

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the way data in a cache line changes over time. A local user can monitor the CPU power consumption and potentially gain access to sensitive information using software-based power side channels.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

AMD CPU Firmware: All versions

External links
http://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7006

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Software-based power side-channel attack on AMD CPUs