CVE-2023-20599

Description

Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of integrity or confidentiality.

Reserved 2022-10-27 | Published 2025-06-10 | Updated 2025-06-11 | Assigner AMD

Problem types

CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings

Product status

Default status
affected

RomePI 1.0.0.H
unaffected

SEV 0.24.19 [hex 00.18.13]
unaffected

Default status
unknown

MilanPI 1.0.0.C
unaffected

SEV 1.55.11 [hex 1.37.0B]
unaffected

Default status
affected

CastlePeakPI-SP3r3_1.0.0.F
unaffected

Default status
affected

ChagallWSPI-sWRX8 1.0.0.C
unaffected

CastlePeakWSPI-sWRX8 1.0.0.H
unaffected

Default status
affected

ChagallWSPI-sWRX8 1.0.0.C
unaffected

Default status
affected

PicassoPI-FP5_1.0.1.2c
unaffected

Default status
affected

EmbRomePI-SP3 1.0.0.B
unaffected

Default status
affected

EmbMilanPI-SP3 1.0.0.8
unaffected

References

www.amd.com/...es/product-security/bulletin/amd-sb-7039.html

cve.org (CVE-2023-20599)

nvd.nist.gov (CVE-2023-20599)

Download JSON