CVE-2023-20588 - Divide By Zero

Severity

75%

Complexity

39%

Confidentiality

60%

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

CVSS 3.1 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Demo Examples

Divide By Zero

CWE-369

The following Java example contains a function to compute an average but does not validate that the input value used as the denominator is not zero. This will create an exception for attempting to divide by zero. If this error is not handled by Java exception handling, unexpected results can occur.


               
}
return totalTime / numRequests;

By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. The following Java code example will validate the input value, output an error message, and throw an exception.


               
}
return totalTime / numRequests;
throw ArithmeticException;

Divide By Zero

CWE-369

Divide By Zero

CWE-369

Overview

First reported 1 year ago

2023-08-08 18:15:00

Last updated 1 year ago

2023-11-02 01:16:00

Affected Software

Xen

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007

https://www.debian.org/security/2023/dsa-5480

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007

Vendor Advisory

https://www.debian.org/security/2023/dsa-5480

Third Party Advisory

https://www.debian.org/security/2023/dsa-5492

https://www.debian.org/security/2023/dsa-5492

Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/25/3

http://xenbits.xen.org/xsa/advisory-439.html

http://www.openwall.com/lists/oss-security/2023/09/25/4

http://www.openwall.com/lists/oss-security/2023/09/25/8

http://www.openwall.com/lists/oss-security/2023/09/25/5

http://www.openwall.com/lists/oss-security/2023/09/25/7

http://www.openwall.com/lists/oss-security/2023/09/26/8

http://www.openwall.com/lists/oss-security/2023/09/26/9

http://www.openwall.com/lists/oss-security/2023/09/27/1

http://www.openwall.com/lists/oss-security/2023/09/26/5

https://lists.fedoraproject.org/archives/list/[email protected]/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/

https://lists.fedoraproject.org/archives/list/[email protected]/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/

http://www.openwall.com/lists/oss-security/2023/10/03/9

http://www.openwall.com/lists/oss-security/2023/10/03/12

http://www.openwall.com/lists/oss-security/2023/10/03/15

http://www.openwall.com/lists/oss-security/2023/10/03/14

http://www.openwall.com/lists/oss-security/2023/10/03/13

http://www.openwall.com/lists/oss-security/2023/10/03/16

http://www.openwall.com/lists/oss-security/2023/10/04/1

http://www.openwall.com/lists/oss-security/2023/10/04/2

http://www.openwall.com/lists/oss-security/2023/10/04/3

http://www.openwall.com/lists/oss-security/2023/10/04/4

https://lists.fedoraproject.org/archives/list/[email protected]/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

http://www.openwall.com/lists/oss-security/2023/09/25/3

Mailing List, Third Party Advisory

http://xenbits.xen.org/xsa/advisory-439.html

Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/25/4

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/25/8

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/25/5

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/25/7

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/26/8

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/26/9

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/27/1

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/09/26/5

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/03/9

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/10/03/12

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/10/03/15

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/10/03/14

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/10/03/13

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/10/03/16

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/10/04/1

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/10/04/2

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/10/04/3

Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2023/10/04/4

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/

Mailing List

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Mailing List, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.