kernel CVE-2023-20588

Moderate

yeazelm published GHSA-8vwp-f338-rj3v

Sep 18, 2023

Package

kernel-5.10 (bottlerocket)

Affected versions

< 1.15.0

Patched versions

1.15.0

kernel-5.15 (bottlerocket)

< 1.15.0

1.15.0

Description

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N