CVE-2023-20569

NameCVE-2023-20569
Description A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3525-1, DSA-5475-1, ELA-1241-1, ELA-947-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
amd64-microcode (PTS)jessie/non-free3.20240820.1~deb8u1fixed
jessie/non-free (lts)3.20181128.1~deb8u1vulnerable
stretch/non-free3.20240820.1~deb9u1fixed
stretch/non-free (security), stretch/non-free (lts)3.20181128.1~deb9u2vulnerable
buster/non-free3.20240820.1~deb10u1fixed
buster/non-free (security)3.20230719.1~deb10u1vulnerable
bullseye/non-free3.20240820.1~deb11u1fixed
bullseye/non-free (security)3.20230719.1~deb11u1fixed
bookworm/non-free-firmware3.20240820.1~deb12u1fixed
bookworm/non-free-firmware (security)3.20230719.1~deb12u1fixed
trixie/non-free-firmware, sid/non-free-firmware3.20240820.1fixed
linux (PTS)jessie, jessie (lts)3.16.84-1vulnerable
stretch (security)4.9.320-2vulnerable
stretch (lts), stretch4.9.320-3vulnerable
buster (security), buster, buster (lts)4.19.316-1vulnerable
bullseye5.10.223-1fixed
bullseye (security)5.10.226-1fixed
bookworm6.1.115-1fixed
bookworm (security)6.1.119-1fixed
trixie6.12.5-1fixed
sid6.12.6-1fixed
linux-5.10 (PTS)stretch (lts), stretch5.10.226-1~deb9u1fixed
buster, buster (lts)5.10.226-1~deb10u1fixed
buster (security)5.10.218-1~deb10u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
amd64-microcodesourcejessie3.20240820.1~deb8u1ELA-1241-1
amd64-microcodesourcestretch3.20240820.1~deb9u1ELA-1241-1
amd64-microcodesourcebuster3.20240820.1~deb10u1ELA-1241-1
amd64-microcodesourcebullseye3.20230719.1~deb11u1
amd64-microcodesourcebookworm3.20230719.1~deb12u1
amd64-microcodesource(unstable)3.20230719.1
linuxsourcejessie(unfixed)end-of-life
linuxsourcestretch(unfixed)end-of-life
linuxsourcebullseye5.10.179-5DSA-5475-1
linuxsourcebookworm6.1.38-4DSA-5475-1
linuxsource(unstable)6.4.4-3
linux-5.10sourcestretch5.10.179-5~deb9u1ELA-947-1
linux-5.10sourcebuster5.10.179-5~deb10u1DLA-3525-1

Notes

[buster] - linux <ignored> (Mitigation is too invasive to backport)
SRSO microcode for Milan (Zen3 EPYC):
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=b250b32ab1d044953af2dc5e790819a7703b7ee6
3.20230719.1 ships the first batch of fixes, only for 3nd gen EPYC CPUs (Milan),
further update for 4th gen EPYC CPUs to follow in later releases.
Updated microcode for 4th gen EPYC CPUs Genoa (Family=0x19 Model=0x11) and
Bergamo (Family=0x19 Model=0xa0) with (cf: https://bugs.debian.org/1043381):
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f2eb058afc57348cde66852272d6bf11da1eef8f
3.20230808.1.1 ships this second batch of fixes for 4th gen EPYC CPUs.
https://comsec.ethz.ch/research/microarch/inception/
https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf
https://github.com/comsec-group/inception
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005
https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
https://www.openwall.com/lists/oss-security/2023/08/08/4

Search for package or bug name: Reporting problems