{
  "threat_severity" : "Moderate",
  "public_date" : "2023-11-14T06:30:00Z",
  "bugzilla" : {
    "description" : "hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem",
    "id" : "2244590",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2244590"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-221",
  "details" : [ "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.", "A flaw was found in some AMD CPUs due to improper or unexpected behavior of the INVD instruction. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine (VM) memory integrity." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2024-02-09T00:00:00Z",
    "advisory" : "RHSA-2024:0753",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "linux-firmware-0:20200421-82.git78c0348.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)",
    "release_date" : "2024-02-26T00:00:00Z",
    "advisory" : "RHSA-2024:0978",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.6",
    "package" : "linux-firmware-0:20180911-69.3.git85c5d90.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2024-02-27T00:00:00Z",
    "advisory" : "RHSA-2024:0979",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "linux-firmware-0:20190429-75.gitddde598.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3178",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "linux-firmware-0:20240111-121.gitb3132c18.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2024-07-16T00:00:00Z",
    "advisory" : "RHSA-2024:4575",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "linux-firmware-0:20240419-102.git055dfa8e.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-03-05T00:00:00Z",
    "advisory" : "RHSA-2024:1112",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.6",
    "package" : "linux-firmware-0:20220210-114.git6342082c.el8_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "linux-firmware",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "linux-firmware",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-20592\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20592\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html" ],
  "name" : "CVE-2023-20592",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}