CVE Vulnerabilities

CVE-2023-20599

Improper Access Control for Register Interface

Published: Jun 10, 2025 | Modified: Jun 12, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of integrity or confidentiality.

Weakness

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.

Extended Description

Software commonly accesses peripherals in a System-on-Chip (SoC) or other device through a memory-mapped register interface. Malicious software could tamper with any security-critical hardware data that is accessible directly or indirectly through the register interface, which could lead to a loss of confidentiality and integrity.

Potential Mitigations

References