CVE-2023-20593

一、漏洞信息
 漏洞编号：[CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0
 CVSS V3.0分值：
  BaseScore：5.5 Medium
  Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
 漏洞简述：
  An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
 漏洞公开时间：2023-07-25 04:15:00
 漏洞创建时间：2023-07-25 00:39:57
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2023-20593
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| psirt.amd.com | http://seclists.org/fulldisclosure/2023/Jul/43 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/24/3 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/25/1 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/25/12 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/25/13 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/25/14 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/25/15 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/25/16 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/25/17 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/25/5 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/25/6 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/26/1 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/07/31/2 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/08/08/6 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/08/08/7 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/08/08/8 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/08/16/4 |  |
| psirt.amd.com | http://www.openwall.com/lists/oss-security/2023/08/16/5 |  |
| psirt.amd.com | http://xenbits.xen.org/xsa/advisory-433.html |  |
| psirt.amd.com | https://cmpxchg8b.com/zenbleed.html |  |
| psirt.amd.com | https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html |  |
| psirt.amd.com | https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html |  |
| psirt.amd.com | https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html |  |
| psirt.amd.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/ |  |
| psirt.amd.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/ |  |
| psirt.amd.com | https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008 |  |
| psirt.amd.com | https://www.debian.org/security/2023/dsa-5459 |  |
| psirt.amd.com | https://www.debian.org/security/2023/dsa-5461 |  |
| psirt.amd.com | https://www.debian.org/security/2023/dsa-5462 |  |
| redhat_bugzilla | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html | https://bugzilla.redhat.com/show_bug.cgi?id=2217845 |
| redhat_bugzilla | https://lock.cmpxchg8b.com/zenbleed.html | https://bugzilla.redhat.com/show_bug.cgi?id=2217845 |
| redhat_bugzilla | https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f | https://bugzilla.redhat.com/show_bug.cgi?id=2217845 |
| redhat_bugzilla | https://access.redhat.com/security/cve/cve-2023-20593 | https://bugzilla.redhat.com/show_bug.cgi?id=2217845 |
| redhat_bugzilla | https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f? | https://bugzilla.redhat.com/show_bug.cgi?id=2217845 |
| redhat_bugzilla | https://packages.fedoraproject.org/pkgs/linux-firmware/linux-firmware/ | https://bugzilla.redhat.com/show_bug.cgi?id=2217845 |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593 | https://ubuntu.com/security/CVE-2023-20593 |
| ubuntu | https://lore.kernel.org/linux-firmware/20230718231959.3163407-1-john.allen@amd.com/T/#maa00a9e4b26bcdbf0370b24bdb082639ad0b8dd6 | https://ubuntu.com/security/CVE-2023-20593 |
| ubuntu | https://marc.info/?l=oss-security&m=169020885715049&w=2 | https://ubuntu.com/security/CVE-2023-20593 |
| ubuntu | https://lock.cmpxchg8b.com/zenbleed.html | https://ubuntu.com/security/CVE-2023-20593 |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2023-20593 | https://ubuntu.com/security/CVE-2023-20593 |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2023-20593 | https://ubuntu.com/security/CVE-2023-20593 |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2023-20593 | https://ubuntu.com/security/CVE-2023-20593 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2023-20593 |
| anolis |  | https://anas.openanolis.cn/cves/detail/CVE-2023-20593 |
| cve_search |  | https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/24/3 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/25/6 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/25/5 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/25/1 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/25/17 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/25/12 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/25/16 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/25/15 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/25/14 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/25/13 |
| cve_search |  | http://seclists.org/fulldisclosure/2023/Jul/43 |
| cve_search |  | https://cmpxchg8b.com/zenbleed.html |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/26/1 |
| cve_search |  | http://xenbits.xen.org/xsa/advisory-433.html |
| cve_search |  | https://www.debian.org/security/2023/dsa-5459 |
| cve_search |  | https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html |
| cve_search |  | https://www.debian.org/security/2023/dsa-5462 |
| cve_search |  | https://www.debian.org/security/2023/dsa-5461 |
| cve_search |  | https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/07/31/2 |
| cve_search |  | https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/ |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/08/08/8 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/08/08/7 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/08/08/6 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/08/16/4 |
| cve_search |  | http://www.openwall.com/lists/oss-security/2023/08/16/5 |
| cve_search |  | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/ |
| mageia |  | http://advisories.mageia.org/MGASA-2023-0244.html |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f |  | redhat_bugzilla |
|  |  | https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f? |  | redhat_bugzilla |
| linux_kernel | 4.19.289 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=cfef7bbf0dca27209ea5d82d7060d4fc2c0d72ea | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | linuxkernelcves |
| linux_kernel | 5.10.187 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=93df00f9d48d48466ddbe01a06eaaf3311ecfb53 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | linuxkernelcves |
| linux_kernel | 5.15.122 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=be824fdb827dc06f77a31122949fe1bc011e3e1e | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | linuxkernelcves |
| linux_kernel | 5.4.250 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=00363ef30797211c247605464dc3daaa988531a2 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | linuxkernelcves |
| linux_kernel | 6.1.41 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ed9b87010aa84c157096f98c322491e9af8e8f07 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | linuxkernelcves |
| linux_kernel | 6.4.6 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=9b8bb5c4e25678af895dc9dd4a1e82b2f948cacc | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | linuxkernelcves |
| linux-firmware |  | https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0bc3126c9cfa0b8c761483215c25382f831a7c6f%20(family%2017h) |  | ubuntu |
| linux-firmware |  | https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b250b32ab1d044953af2dc5e790819a7703b7ee6%20(family%2019h) |  | ubuntu |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
      An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.  
 openEuler评分：
  5.5
 Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(4.19.90):不受影响
2.openEuler-20.03-LTS-SP3:不受影响
3.openEuler-22.03-LTS:不受影响
4.openEuler-22.03-LTS-SP1:不受影响
5.openEuler-22.03-LTS-SP2:不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP3:否
3.openEuler-22.03-LTS:否
4.openEuler-22.03-LTS-SP1:否
5.openEuler-22.03-LTS-SP2:否

src-openEuler/kernel
关闭

内容风险标识

评论 (7)

src-openEuler/kernel关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2023-20593

评论 (7)

搜索帮助

src-openEuler/kernel
关闭