CVE-2023-20599

CVSS 7.9 HIGHEPSS 0.2%CWE-1262

Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Affected products

AMD · AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics AMD · AMD EPYC™ 7002 Series Processors AMD · AMD EPYC™ Embedded 7002 Series Processors AMD · AMD EPYC™ Embedded 7003 Series Processors AMD · AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics AMD · AMD Ryzen™ Embedded R1000 Series Processors AMD · AMD Ryzen™ Embedded R2000 Series Processors AMD · AMD Ryzen™ Embedded V1000 Series Processors AMD · AMD Ryzen™ Threadripper™ 3000 Processors AMD · AMD Ryzen™ Threadripper™ PRO 3000 WX Processors

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7039.html