What is CVE-2023-20592?

CVE-2023-20592 is a vulnerability in Amd 1st Gen Epyc™ Processors. Published 2023-11-14.

Is CVE-2023-20592 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Amd 1st Gen Epyc™ Processors

CVE-2023-20592

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory…

EPSS: 0.004 (58.5th percentile) — read the EPSS interpretation.

Affected products

Amd 1st Gen Epyc™ Processors — versions various
Amd 2nd Gen Epyc™ Processors — versions various
Amd 3rd Gen Epyc™ Processors — versions various

Public proof-of-concept exploits

cispa/CacheWarp

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005 (vendor-advisory)

Frequently asked questions

What is CVE-2023-20592?: CVE-2023-20592 is a vulnerability in Amd 1st Gen Epyc™ Processors. Published 2023-11-14.
Is CVE-2023-20592 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.