CVE-2023-20599

HIGH

AMD EPYC 7002 Series Processors - Authenticated Improper Access Control for Register Interface

Title source: llm

Description

Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.

References (1)

Core 1

Core References

Vendor Advisory

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7039.html

Scores

CVSS v3 7.9

EPSS 0.0010

EPSS Percentile 26.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1262

Status published

Products (11)

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics EmbeddedPI-FP5 1211

AMD/AMD EPYC™ 7002 Series Processors RomePI 100H SEV 0.24.19 [hex 00.18.13]

AMD/AMD EPYC™ Embedded 7002 Series Processors EmbRomePI-SP3 1.0.0.B

AMD/AMD EPYC™ Embedded 7003 Series Processors EmbMilanPI-SP3 1.0.0.8

AMD/AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5_1.0.1.2c

AMD/AMD Ryzen™ Embedded R1000 Series Processors EmbeddedPI-FP5 1211

AMD/AMD Ryzen™ Embedded R2000 Series Processors EmbeddedR2KPI-FP5 1006

AMD/AMD Ryzen™ Embedded V1000 Series Processors EmbeddedPI-FP5 1211 RC1

AMD/AMD Ryzen™ Threadripper™ 3000 Processors CastlePeakPI-SP3r3_1.0.0.F

AMD/AMD Ryzen™ Threadripper™ PRO 3000 WX Processors CastlePeakWSPI-sWRX8 1.0.0.H

... and 1 more

Published Jun 10, 2025

Tracked Since Feb 18, 2026