Improper Register Access Control in AMD Crypto Co-Processor
CVE-2023-20599

7.9HIGH

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7002 Series Processors; Amd Epyc™ 7003 Series Processors; Amd Ryzen™ Threadripper™ 3000 Processors; Amd Ryzen™ Threadripper™ Pro 3000 Wx Processors
Vendor: CVE Published:; 10 June 2025

What is CVE-2023-20599?

A vulnerability in the AMD Crypto Co-Processor arises from improper register access control, allowing an attacker with elevated privileges to gain unauthorized access to sensitive CCP registers. This exploitation may lead to compromised cryptographic operations by potentially altering key pointer or index values, thereby jeopardizing both the integrity and confidentiality of cryptographic data.

Affected Version(s)

AMD EPYC™ 7002 Series Processors RomePI 1.0.0.H

AMD EPYC™ Embedded 7002 Series Processors EmbRomePI-SP3 1.0.0.B

AMD EPYC™ Embedded 7003 Series Processors EmbMilanPI-SP3 1.0.0.8

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Oct 27, 2022

Amd

What is CVE-2023-20599?

Affected Version(s)

References

CVSS V3.1

Timeline