EUVD-2023-24778
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
3Description
Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.
Analysis
CVE-2023-20599 is an improper register access control vulnerability in AMD's ASP (AMD Secure Processor) that allows a privileged local attacker to gain unauthorized access to the Crypto Co-Processor (CCP) registers, potentially compromising cryptographic key management and leading to loss of confidentiality or integrity. The vulnerability affects AMD EPYC and Ryzen processors with ASP implementations. While the CVSS score of 7.9 indicates high severity, exploitation requires high privilege level (PR:H) and local access (AV:L), limiting real-world attack surface; however, this is an actively tracked vulnerability relevant to data center and workstation security.
Technical Context
The vulnerability exists in AMD's ASP (AMD Secure Processor), a dedicated security coprocessor integrated into AMD EPYC and Ryzen processors. The ASP manages the Crypto Co-Processor (CCP), which handles cryptographic operations including key storage and management. CWE-1262 (Improper Access Control to Register Interface) describes the root cause: inadequate access controls on memory-mapped or hardware registers that should restrict access to privileged operations. An attacker with high-level privileges can access CCP registers that should be protected, potentially reading or modifying cryptographic key pointers and indices. The vulnerability stems from insufficient validation or enforcement of access control policies at the register interface level, allowing register operations that bypass intended security boundaries. This affects the hardware abstraction layer and firmware that manages CCP resource access across privilege levels.
Affected Products
AMD ASP (AMD Secure Processor) implementations in the following product families: (1) AMD EPYC processors (Naples, Rome, Milan, Genoa generations) used in server/data center deployments; (2) AMD Ryzen processors (Zen 3, Zen 4 architecture) in consumer workstations and laptops; (3) AMD Threadripper processors with integrated ASP. CPE strings would typically map to 'cpe:2.3:h:amd:epyc:*:*:*:*:*:*:*:*' and 'cpe:2.3:h:amd:ryzen:*:*:*:*:*:*:*:*'. The vulnerability affects firmware and BIOS implementations that manage CCP access. AMD released security updates through EPYC and Ryzen processor microcode updates and corresponding BIOS/UEFI firmware revisions from OEMs (Dell, HP, Lenovo, etc.). Server vendors including HPE ProLiant, Dell PowerEdge, and Lenovo ThinkSystem platforms with affected AMD EPYC processors require patched firmware.
Remediation
Remediation consists of three components: (1) Microcode updates: AMD released processor microcode patches that implement proper register access controls for CCP operations; apply via firmware/BIOS updates from the processor vendor. (2) BIOS/UEFI firmware updates: OEMs (Dell, HPE, Lenovo, Supermicro) released BIOS updates incorporating the patched microcode; check vendor support pages for affected server/workstation models and download the latest BIOS revision. (3) Administrative controls: Limit high-privilege access (root/SYSTEM) to trusted users and processes; implement PAM/SELinux policies to restrict operations that could access privileged register interfaces; monitor for unusual privileged process behavior. For affected EPYC systems: Check AMD EPYC Security Update advisories and OEM-specific bulletins (Dell, HPE, Lenovo) for patched BIOS versions. For Ryzen systems: Update BIOS through the manufacturer (ASUS, MSI, Gigabyte for workstations/consumer boards) to the latest version incorporating the security patch. No workarounds exist beyond patching and access control; this is a hardware/firmware issue requiring updates.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today