feat: add Zenbleed (CVE-2023-20593) and update fwdb to v270+i20230614

2025-07-30 22:45:49 +02:00 · 2023-07-25 12:09:05 +02:00
parent 0d93c6ffb4
commit 9bb79a18eb
3 changed files with 222 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -20,6 +20,7 @@ CVE
 [CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135) | TSX asynchronous abort                              | TAA, ZombieLoad V2
 [CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207) | Machine Mheck Exception on Page Size Changes        | MCEPSC, No eXcuses, iTLB Multihit
 [CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543)   | Special Register Buffer Data Sampling               | SRBDS
+[CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak                      | Zenbleed

 Supported operating systems:
 - Linux (all versions, flavors and distros)
@ -178,3 +179,9 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m
   - Impact: Kernel
   - Mitigation: microcode update + kernel update helping to protect various CPU internal buffers from unprivileged speculative access to data
   - Performance impact of the mitigation: low
+
+**CVE-2023-20593** Cross-Process Information Leak (Zenbleed)
+
+   - Impact: Kernel & all software
+   - Mitigation: either kernel mitigation by disabling a CPU optimization through an MSR bit, or CPU microcode mitigation
+   - Performance impact of the mitigation: TBD