CVE-2023-20592
Publication date 14 November 2023
Last updated 26 August 2025
Ubuntu priority
Description
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| amd64-microcode | ||
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Ignored no real-world users |
Notes
alexmurray
The microcode revisions listed in the AMD advisory AMD-SB-3005 were contained in the upstream commit b250b32ab1d044953af2dc5e790819a7703b7ee6 - this was already provided to the various Ubuntu releases in USN-6319-1 for CVE-2023-20569, as such they are not affected by this CVE.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |