Cyber Resilience

CVE-2023-20588

Medium

Published: 08 August 2023
Modified: 21 November 2024
KEV Added: not listed
Patch: none recorded in the source data
CVSS Score v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0426 (89.1th percentile)
Risk Priority: 14 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-20588 is a medium-severity Divide By Zero (CWE-369) vulnerability in certain AMD processors; Debian Linux (10.0, 11.0, 12.0) is among the affected product configurations recorded for it. Its CVSS 3.1 base score is 5.5 (Medium).

Operationally, it ranks in the top 10.9% of CVEs by EPSS-estimated exploit likelihood (EPSS 0.0426, 89.1th percentile); it is not currently listed in the CISA KEV catalog.

Deeper analysis

A division-by-zero condition on certain AMD processors can cause data from the faulting division to remain in speculative state, where it can be observed by code that should not have access to it, producing a loss of confidentiality. The flaw is tracked as CWE-369 and carries a CVSS 3.1 score of 5.5, reflecting a local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and a high confidentiality impact (C:H) with no integrity or availability impact (I:N/A:N).

A local attacker able to execute code on an affected system may trigger the division-by-zero condition to obtain otherwise inaccessible data from the processor's speculative state. Because the vector string records no integrity or availability impact, neither privilege escalation nor denial of service is implied by the scoring. In practice the exposure is on hosts that run untrusted local code (shared or multi-tenant systems) on the listed processors.

The EPSS score rose from a low baseline to a peak of 0.0798 on 2026-01-13 before receding to the current 0.0426, indicating a period of increased exploitation interest after disclosure rather than sustained activity. The source data records no real-world exploitation campaigns and no patch reference.
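As an added example (not part of the original page, and not AMD's or Debian's tooling), the check below classifies a Linux host for this CVE from its /proc/cpuinfo text. It relies on one fact about the Linux kernel's handling of CVE-2023-20588: the kernel change that introduced the divide-by-zero mitigation also introduced a "div0" entry in the "bugs" line of /proc/cpuinfo for CPUs the kernel considers affected, so the flag means both "affected" and "this kernel mitigates it". Its absence on an AMD family-23 part (the family the EPYC 7001 parts listed under Affected Assets belong to) is ambiguous and is reported as something to verify. The sample cpuinfo excerpts, the function names and the status strings are constructed for illustration.

```python
import re

# Constructed sample /proc/cpuinfo excerpts (not captured from real hosts).
# An EPYC 7001-class part (family 23) on a kernel that knows the erratum,
# two logical CPUs shown:
SAMPLE_PATCHED = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 1
model name\t: AMD EPYC 7351P 16-Core Processor
bugs\t\t: sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass retbleed div0

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 1
model name\t: AMD EPYC 7351P 16-Core Processor
bugs\t\t: sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass retbleed div0
"""

# Same part on a kernel that predates the fix: the bugs line lacks "div0".
SAMPLE_OLD_KERNEL = SAMPLE_PATCHED.replace(" div0", "")

# A non-AMD part, for contrast (constructed).
SAMPLE_INTEL = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 85
model name\t: Intel(R) Xeon(R) Gold 6130 CPU @ 2.10GHz
bugs\t\t: spectre_v1 spectre_v2 meltdown
"""


def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one dict of 'key: value' fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
        if fields:
            cpus.append(fields)
    return cpus


def assess_div0(text):
    """Classify a host for CVE-2023-20588 from its /proc/cpuinfo text.

    "div0" in the bugs line is the kernel's own verdict: the CPU is affected
    and this kernel carries the mitigation. No flag on an AMD family-23 part
    means either an older kernel or an unaffected model, so it is flagged
    for verification rather than declared safe.
    """
    cpus = parse_cpuinfo(text)
    if not cpus:
        raise ValueError("no processor blocks found in cpuinfo text")
    first = cpus[0]
    vendor = first.get("vendor_id", "")
    family = int(first.get("cpu family", "0") or 0)
    model = int(first.get("model", "0") or 0)
    flagged = ["div0" in c.get("bugs", "").split() for c in cpus]
    if all(flagged):
        status = "affected, kernel mitigation present"
    elif any(flagged):
        status = "inconsistent div0 reporting across CPUs, investigate"
    elif vendor == "AuthenticAMD" and family == 0x17:
        status = "family 23 without div0 flag: kernel predates fix or model unaffected, verify"
    else:
        status = "not affected"
    return {
        "vendor": vendor,
        "family": family,
        "model": model,
        "model_name": first.get("model name", ""),
        "cpus": len(cpus),
        "div0_reported": all(flagged),
        "status": status,
    }


if __name__ == "__main__":
    # On a Linux host, assess the live machine; elsewhere fall back to the samples.
    try:
        with open("/proc/cpuinfo") as f:
            print(assess_div0(f.read()))
    except OSError:
        for sample in (SAMPLE_PATCHED, SAMPLE_OLD_KERNEL, SAMPLE_INTEL):
            print(assess_div0(sample))
```

Run it on each host in an inventory and treat the "verify" outcome as a work item: confirm the kernel version against the distribution's advisory for this CVE before closing it, since the flag alone cannot distinguish an unpatched kernel from an unaffected model.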

Vulnerability details

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

CWE(s)

CWE-369 (Divide By Zero)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

debian: debian linux (10.0, 11.0, 12.0)
amd: epyc 7351p firmware (all versions)
amd: epyc 7401p firmware (all versions)
amd: epyc 7551p firmware (all versions)
amd: epyc 7251 firmware (all versions)
amd: epyc 7261 firmware (all versions)
amd: epyc 7281 firmware (all versions)
amd: epyc 7301 firmware (all versions)
amd: epyc 7351 firmware (all versions)
amd: epyc 7371 firmware (all versions)
+37 more product configuration(s); see NVD for the full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
