CVE-2023-20599

Summary

Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7002 Series ProcessorsRomePI 100H SEV 0.24.19 [hex 00.18.13]unaffected
AMDAMD Ryzen™ Threadripper™ 3000 ProcessorsCastlePeakPI-SP3r3_1.0.0.Funaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX ProcessorsChagallWSPI-sWRX8 1.0.0.Cunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000 WX ProcessorsCastlePeakWSPI-sWRX8 1.0.0.Hunaffected
AMDAMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5_1.0.1.2cunaffected
AMDAMD EPYC™ Embedded 7002 Series ProcessorsEmbRomePI-SP3 1.0.0.Bunaffected
AMDAMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 1.0.0.8unaffected
AMDAMD Ryzen™ Embedded R1000 Series ProcessorsEmbeddedPI-FP5 1211unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsEmbeddedPI-FP5 1211unaffected
AMDAMD Ryzen™ Embedded R2000 Series ProcessorsEmbeddedR2KPI-FP5 1006unaffected
AMDAMD Ryzen™ Embedded V1000 Series ProcessorsEmbeddedPI-FP5 1211 RC1unaffected

Weaknesses

  • CWE-1262: CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References