CVSS: 6.5EPSS: 6%CPEs: 145EXPL: 2CVE-2023-20593 – hw: amd: Cross-Process Information Leak
https://notcve.org/view.php?id=CVE-2023-20593
24 Jul 2023 — An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensiti... • https://github.com/sbaresearch/stop-zenbleed-win • CWE-209: Generation of Error Message Containing Sensitive Information CWE-1239: Improper Zeroization of Hardware Register •
CVSS: 7.5EPSS: 0%CPEs: 132EXPL: 0CVE-2020-12965
https://notcve.org/view.php?id=CVE-2020-12965
04 Feb 2022 — When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage. Cuando se combinan con secuencias de software específicas, las CPUs de AMD pueden ejecutar transitoriamente cargas no canónicas y almacenar usando sólo los 48 bits de dirección inferiores, resultando potencialmente en un filtrado de datos • http://www.openwall.com/lists/oss-security/2023/12/05/3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •