VDB
GCVE-110-MAGEIA-2023-242
GCVE-110-MAGEIA-2023-242
Advisory Published
This kernel update is based on upstream 5.15.122 and fixes atleast
the following security issue:
Under specific microarchitectural circumstances, a register in "Zen 2"
CPUs may not be written to 0 correctly. This may cause data from another
process and/or thread to be stored in the YMM register, which may allow
an attacker to potentially access sensitive information (CVE-2023-20593,
also known as Zenbleed)
This update adds a kernel-side mitigation for this issue to protect users
until Amd gets their fixed microcode / AGESA updates out for all affected
CPUs. The fixed microcode for Amd EPYC gen2 is available in the
microcode-0.20230613-2.mga8.nonfree package. For other affected CPUs, see
the referenced amd.com url that has info about estimated microcode update
timelines for various CPUs.
For other upstream fixes in this update, see the referenced changelogs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | kmod-virtualbox | 7.0.10-1.1.mga8 (unaffected), 0 (affected) | — |
| Mageia | kmod-xtables-addons | 0 (affected), 3.23-1.23.mga8 (unaffected) | — |
| Mageia | kernel | 0 (affected), 5.15.122-1.mga8 (unaffected) | — |
Aliases
Browse GCVE Records
72,096 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.