CVE-2020-12965

HIGH | CVSS 7.5/10 | EPSS 2.36%

Last modified

CVE-2020-12965 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and stores using only the lower 48 address bits, potentially resulting in data leakage. EPSS estimates a 2.36% chance of exploitation in the next 30 days.

Description

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and stores using only the lower 48 address bits, potentially resulting in data leakage.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
2.36%

81.6th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Amd | Ryzen Pro 5650g Firmware | All versions |
| Amd | Ryzen Pro 5650ge Firmware | All versions |
| Amd | Ryzen Pro 5750g Firmware | All versions |
| Amd | Ryzen Pro 5750ge Firmware | All versions |
| Amd | Ryzen Pro 5350g Firmware | All versions |
| Amd | Ryzen Pro 5350ge Firmware | All versions |
| Amd | Ryzen Pro 4750g Firmware | All versions |
| Amd | Ryzen Pro 4750ge Firmware | All versions |
| Amd | Ryzen Pro 4650g Firmware | All versions |
| Amd | Ryzen Pro 4650ge Firmware | All versions |
| Amd | Ryzen Pro 4350g Firmware | All versions |
| Amd | Ryzen Pro 4350ge Firmware | All versions |
| Amd | Ryzen Pro 3900 Firmware | All versions |
| Amd | Ryzen Pro 3700 Firmware | All versions |
| Amd | Ryzen Pro 3600 Firmware | All versions |
| Amd | Ryzen Pro 3400g Firmware | All versions |
| Amd | Ryzen Pro 3400ge Firmware | All versions |
| Amd | Ryzen Pro 3350g Firmware | All versions |
| Amd | Ryzen Pro 3200g Firmware | All versions |
| Amd | Ryzen Pro 3200ge Firmware | All versions |
| Amd | Ryzen Pro 2400g Firmware | All versions |
| Amd | Ryzen Pro 2400ge Firmware | All versions |
| Amd | Ryzen Pro 2200g Firmware | All versions |
| Amd | Ryzen Pro 2200ge Firmware | All versions |
| Amd | Ryzen Threadripper Pro 3995wx Firmware | All versions |
| Amd | Ryzen Threadripper Pro 3975wx Firmware | All versions |
| Amd | Ryzen Threadripper Pro 3955wx Firmware | All versions |
| Amd | Ryzen Threadripper Pro 3945wx Firmware | All versions |
| Amd | Athlon Gold Pro 3150g Firmware | All versions |
| Amd | Athlon Gold Pro 3150ge Firmware | All versions |
| Amd | Athlon Silver Pro 3125ge Firmware | All versions |
| Amd | Athlon Pro 300ge Firmware | All versions |
| Amd | Athlon Pro 200ge Firmware | All versions |
| Amd | Ryzen Threadripper 3990x Firmware | All versions |
| Amd | Ryzen Threadripper 3970x Firmware | All versions |
| Amd | Ryzen Threadripper 3960x Firmware | All versions |
| Amd | Ryzen Threadripper 2990wx Firmware | All versions |
| Amd | Ryzen Threadripper 2970wx Firmware | All versions |
| Amd | Ryzen Threadripper 2950x Firmware | All versions |
| Amd | Ryzen Threadripper 2920x Firmware | All versions |
| Amd | Ryzen Threadripper 1950x Firmware | All versions |
| Amd | Ryzen Threadripper 1920x Firmware | All versions |
| Amd | Ryzen Threadripper 1900x Firmware | All versions |
| Amd | Ryzen 5950x Firmware | All versions |
| Amd | Ryzen 5800x3d Firmware | All versions |
| Amd | Ryzen 5900x Firmware | All versions |
| Amd | Ryzen 5800x Firmware | All versions |
| Amd | Ryzen 5600x Firmware | All versions |
| Amd | Ryzen 5700g Firmware | All versions |
| Amd | Ryzen 5600g Firmware | All versions |

Showing 50 of 63 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2020-12965?
When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and stores using only the lower 48 address bits, potentially resulting in data leakage.
How severe is CVE-2020-12965?
CVE-2020-12965 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.36% probability of exploitation in the next 30 days.
How do I fix CVE-2020-12965?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST