CVE-2023-20588
Published: 08 August 2023
Summary
CVE-2023-20588 is a medium-severity Divide By Zero (CWE-369) vulnerability in Debian Linux. Its CVSS base score is 5.5 (Medium).
Operationally, it ranks in the top 10.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A division-by-zero error affects certain AMD processors and can cause speculative execution to return sensitive data, producing a loss of confidentiality. The flaw is tracked as CWE-369 and carries a CVSS 3.1 score of 5.5, reflecting a local attack vector, low attack complexity, and low privileges required.
A local attacker who can execute code on an affected system may trigger the division-by-zero condition to obtain otherwise inaccessible information from the processor's speculative state. No elevation of privilege or denial of service is indicated by the available scoring details.
The EPSS score rose from a low baseline to a peak of 0.0798 on 2026-01-13 before receding to the current value of 0.0426, indicating a period of increased exploitation interest after public disclosure. No information on real-world exploitation campaigns or patches is supplied in the source data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-24767
Vulnerability details
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.