Description
Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Affected products
- AMD / AMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsEmbeddedPI-FP5 1211 – EmbeddedPI-FP5 1211
- AMD / AMD EPYC™ 7002 Series ProcessorsRomePI 100H SEV 0.24.19 [hex 00.18.13] – RomePI 100H SEV 0.24.19 [hex 00.18.13]
- AMD / AMD EPYC™ Embedded 7002 Series ProcessorsEmbRomePI-SP3 1.0.0.B – EmbRomePI-SP3 1.0.0.B
- AMD / AMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 1.0.0.8 – EmbMilanPI-SP3 1.0.0.8
- AMD / AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ GraphicsPicassoPI-FP5_1.0.1.2c – PicassoPI-FP5_1.0.1.2c
- AMD / AMD Ryzen™ Embedded R1000 Series ProcessorsEmbeddedPI-FP5 1211 – EmbeddedPI-FP5 1211
- AMD / AMD Ryzen™ Embedded R2000 Series ProcessorsEmbeddedR2KPI-FP5 1006 – EmbeddedR2KPI-FP5 1006
- AMD / AMD Ryzen™ Embedded V1000 Series ProcessorsEmbeddedPI-FP5 1211 RC1 – EmbeddedPI-FP5 1211 RC1
- AMD / AMD Ryzen™ Threadripper™ 3000 ProcessorsCastlePeakPI-SP3r3_1.0.0.F – CastlePeakPI-SP3r3_1.0.0.F
- AMD / AMD Ryzen™ Threadripper™ PRO 3000 WX ProcessorsChagallWSPI-sWRX8 1.0.0.C – ChagallWSPI-sWRX8 1.0.0.C
- AMD / AMD Ryzen™ Threadripper™ PRO 3000 WX ProcessorsCastlePeakWSPI-sWRX8 1.0.0.H – CastlePeakWSPI-sWRX8 1.0.0.H