Improper Register Access Control in AMD Crypto Co-Processor
CVE-2023-20599

7.9HIGH

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7002 Series Processors; Amd Ryzen™ Threadripper™ 3000 Processors; Amd Ryzen™ Threadripper™ Pro 3000 Wx Processors; Amd Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics
Vendor: CVE Published:; 10 June 2025

What is CVE-2023-20599?

A vulnerability in the AMD Crypto Co-Processor arises from improper register access control, allowing an attacker with elevated privileges to gain unauthorized access to sensitive CCP registers. This exploitation may lead to compromised cryptographic operations by potentially altering key pointer or index values, thereby jeopardizing both the integrity and confidentiality of cryptographic data.

Affected Version(s)

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics EmbeddedPI-FP5 1211

AMD EPYC™ 7002 Series Processors RomePI 100H SEV 0.24.19 [hex 00.18.13]

AMD EPYC™ Embedded 7002 Series Processors EmbRomePI-SP3 1.0.0.B

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Oct 27, 2022

JSON

Amd

What is CVE-2023-20599?

Affected Version(s)

References

CVSS V3.1

Timeline