← back
CVE-2020-12965

CVE-2020-12965

EPSS 2.4%
In short

AMD CPUs can briefly execute memory operations using incomplete addresses, potentially allowing attackers to read sensitive data that shouldn't be accessible.

Technical detail

This vulnerability exploits transient execution in AMD processors where non-canonical address loads/stores are temporarily executed using only the lower 48 bits, bypassing address validation. Exploitation requires specific software sequences combined with cache timing side-channels; the impact is potential data leakage from restricted memory regions.

Summary generated and translated by AI from the official description.
When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.
Affected products
AMD · All supported processors

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010http://www.openwall.com/lists/oss-security/2023/12/05/3