# Advisory on CVE-2023-20569

## Sensitive information disclosure due to speculative side-channel attack

On August 8th, 2023, Advanced Micro Devices (AMD) disclosed a vulnerability in its recent computer processor microarchitecture. This vulnerability, known as the **Return Form Procedure (RET) Speculation** or **Inception**, may allow an attacker to obtain sensitive information from a system.

If an attacker can exploit this vulnerability, they could potentially exfiltrate information contained within different security contexts such as other [<mark style="color:blue;">Virtual Machines (VM)</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#virtual-machine-vm) or even the host device.

The CVE ID [<mark style="color:blue;">CVE-2023-20569</mark>](https://www.cve.org/CVERecord?id=CVE-2023-20569) is assigned to this vulnerability and classified as a medium severity by AMD.

## Impacted IONOS Cloud products

| Product Ranges   | Product                                                                                                                                               | Impacted | Mitigated | Patch Status |
| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | --------- | ------------ |
| Compute Services | [<mark style="color:blue;">Dedicated Core Servers</mark>](https://docs.ionos.com/sections-test/guides/compute-services/compute-engine/dedicated-core) | Yes      | Yes       | Done         |
| Compute Services | [<mark style="color:blue;">vCPU Servers</mark>](https://docs.ionos.com/sections-test/guides/compute-services/compute-engine/vcpu-server)              | Yes      | Yes       | Done         |
| Compute Services | [<mark style="color:blue;">Cubes</mark>](https://docs.ionos.com/sections-test/guides/compute-services/cubes)                                          | Yes      | Yes       | Done         |

## What action has IONOS Cloud taken to mitigate the severity?

IONOS Cloud is committed to the privacy and security of our customers' data. We are aware of this vulnerability and have already initiated the required steps to mitigate this vulnerability. We are also investigating the exposure and risk of this vulnerability for our customer’s products and instances.

We will provide necessary updates as we learn more.

## How can I get help?

If you have further questions or concerns about this vulnerability, contact [<mark style="color:blue;">IONOS Cloud Support</mark>](https://docs.ionos.com/cloud/support/general-information/contact-information).