| Name | CVE-2023-20569 |
| Description | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3525-1, DSA-5475-1, ELA-947-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| amd64-microcode (PTS) | jessie/non-free | 3.20230719.1~deb8u1 | fixed |
| jessie/non-free (lts) | 3.20181128.1~deb8u1 | vulnerable | |
| stretch/non-free | 3.20230719.1~deb9u1 | fixed | |
| stretch/non-free (security), stretch/non-free (lts) | 3.20181128.1~deb9u2 | vulnerable | |
| buster/non-free (security), buster/non-free | 3.20230719.1~deb10u1 | fixed | |
| bullseye/non-free | 3.20240820.1~deb11u1 | fixed | |
| bullseye/non-free (security) | 3.20230719.1~deb11u1 | fixed | |
| bookworm/non-free-firmware | 3.20240820.1~deb12u1 | fixed | |
| bookworm/non-free-firmware (security) | 3.20230719.1~deb12u1 | fixed | |
| sid/non-free-firmware, trixie/non-free-firmware | 3.20240820.1 | fixed | |
| linux (PTS) | jessie, jessie (lts) | 3.16.84-1 | vulnerable |
| stretch (security) | 4.9.320-2 | vulnerable | |
| stretch (lts), stretch | 4.9.320-3 | vulnerable | |
| buster (security), buster, buster (lts) | 4.19.316-1 | vulnerable | |
| bullseye | 5.10.223-1 | fixed | |
| bullseye (security) | 5.10.226-1 | fixed | |
| bookworm | 6.1.115-1 | fixed | |
| bookworm (security) | 6.1.112-1 | fixed | |
| trixie | 6.11.7-1 | fixed | |
| sid | 6.11.9-1 | fixed | |
| linux-5.10 (PTS) | stretch (lts), stretch | 5.10.226-1~deb9u1 | fixed |
| buster, buster (lts) | 5.10.226-1~deb10u1 | fixed | |
| buster (security) | 5.10.218-1~deb10u1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| amd64-microcode | source | jessie | 3.20230719.1~deb8u1 | |||
| amd64-microcode | source | stretch | 3.20230719.1~deb9u1 | |||
| amd64-microcode | source | buster | 3.20230719.1~deb10u1 | |||
| amd64-microcode | source | bullseye | 3.20230719.1~deb11u1 | |||
| amd64-microcode | source | bookworm | 3.20230719.1~deb12u1 | |||
| amd64-microcode | source | (unstable) | 3.20230719.1 | |||
| linux | source | jessie | (unfixed) | end-of-life | ||
| linux | source | stretch | (unfixed) | end-of-life | ||
| linux | source | bullseye | 5.10.179-5 | DSA-5475-1 | ||
| linux | source | bookworm | 6.1.38-4 | DSA-5475-1 | ||
| linux | source | (unstable) | 6.4.4-3 | |||
| linux-5.10 | source | stretch | 5.10.179-5~deb9u1 | ELA-947-1 | ||
| linux-5.10 | source | buster | 5.10.179-5~deb10u1 | DLA-3525-1 |
[buster] - linux <ignored> (Mitigation is too invasive to backport)
SRSO microcode for Milan (Zen3 EPYC):
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=b250b32ab1d044953af2dc5e790819a7703b7ee6
3.20230719.1 ships the first batch of fixes, only for 3nd gen EPYC CPUs (Milan),
further update for 4th gen EPYC CPUs to follow in later releases.
Updated microcode for 4th gen EPYC CPUs Genoa (Family=0x19 Model=0x11) and
Bergamo (Family=0x19 Model=0xa0) with (cf: https://bugs.debian.org/1043381):
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f2eb058afc57348cde66852272d6bf11da1eef8f
3.20230808.1.1 ships this second batch of fixes for 4th gen EPYC CPUs.
https://comsec.ethz.ch/research/microarch/inception/
https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf
https://github.com/comsec-group/inception
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005
https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
https://www.openwall.com/lists/oss-security/2023/08/08/4