CVE-2023-20599

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-20599
Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.

7.9 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7039.html
Configurations

No configuration.

History

21 Nov 2025, 21:15

Type Values Removed Values Added
References
  • {'url': 'https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7039.html', 'source': 'psirt@amd.com'}
  • () https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7039.html -
Summary (en) Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of integrity or confidentiality. (en) Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.

12 Jun 2025, 16:06

Type Values Removed Values Added
Summary
  • (es) Un control de acceso inadecuado a los registros en ASP puede permitir que un atacante privilegiado realice un acceso no autorizado a los registros del coprocesador criptográfico (CCP) de ASP desde x86, lo que genera una posible pérdida de control del índice/puntero de la clave criptográfica y, por consiguiente, una pérdida de integridad o confidencialidad.

10 Jun 2025, 17:17

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-10 17:17

Updated : 2025-11-21 21:15

NVD link : CVE-2023-20599

Mitre link : CVE-2023-20599

CVE.ORG link : CVE-2023-20599

JSON object : View

Products Affected

No product.

CWE
CWE-1262

Improper Access Control for Register Interface