wikiSecurity instructions for AMD-SB-7039 Unauthorized access to the AMD Secure Processor crypto co-processor
On June 10th 2025, AMD published the Security Bulletin AMD-SB-7039. A security researcher has alerted AMD to a potential vulnerability that could allow an attacker to gain access to the registers of the Crypto Co-Processor (CCP), the x86 architecture(CVE-2023-20599). [1]
Affected systems
AMD EPYC systems:
- systems with "Zen 2" AMD EPYC 7002 Rome processors
- systems with "Zen 3" AMD EPYC 7003 Milan processors
AMD Threadripper systems:
- systems with "Zen 2" AMD Ryzen Threadripper 3000 Castle Peak processors
- systems with "Zen 3" AMD Ryzen Threadripper PRO 3000WX/5000WX Castle Peak and Chagall processors
Problem solution
Here is a tabular list of the corresponding CVEs and AGESA & firmware updates for the rectification of the respective CPU generation, if available.
AMD EPYC 7002 Rome (CPUID: 0x00830F10h):
| safety vulnerability | risk potential: | AGESA version |
|---|---|---|
| CVE-2023-20599 | 7.9 (high) |
RomePI 1.0.0.H SEV 0.24.19 [hex 00.18.13] (2023-11-07) |
AMD EPYC 7003 Milan (CPUID: 0x00A00F11) and Milan-X (CPUID: 0x00A00F12):
| security vulnerability | risk potential: | AGESA version |
|---|---|---|
| CVE-2023-20599 | 7.9 (high) |
MilanPI 1.0.0.C SEV 1.55.11 [hex 1.37.0B] (2023-12-18) |
AMD Ryzen Threadripper 3000 Castle Peak:
| security vulnerability | risk potential: | AGESA version |
|---|---|---|
| CVE-2023-20599 | 7.9 (high) | CastlePeakPI-SP3r3_1.0.0.F
(2025-04-08) |
AMD Ryzen Threadripper PRO 3000WX Castle Peak and Chagall:
| security vulnerability | risk potential: | AGESA version |
|---|---|---|
| CVE-2023-20599 | 7.9 (high) | ChagallWSPI-sWRX8
1.0.0.C (2025-04-03) |
| CVE-2023-20599 | 7.9 (high) | CastlePeakWSPI-sWRX8
1.0.0.H (2025-03-31) |
AMD Ryzen Threadripper PRO 5000WX Chagall:
| security vulnerability | risk potential: | AGESA version |
|---|---|---|
| CVE-2023-20599 | 7.9 (high) | ChagallWSPI-sWRX8
1.0.0.C (2025-04-03) |
Supermicro published a Security Bulletin for the security vulnerabilities. A list with BIOS versions of the corresponding mainboards, with AGESA version to close the gap, is also available. In the following, there is an extract from this chart which contains all mainboards offered by Thomas Krenn: [2]
| AMD motherboard | BIOS version |
|---|---|
| H11 – EPYC™ 7001/7002 series | 2.8 |
| H12 – H12SSW-AN6 – EPYC 7002/7003 series | 2.7 |
| H12 – H12SSW-iN/NT – EPYC 7002/7003 series | 2.8 |
| H12 – H12SSL-i/C/CT/NT – EPYC 7002/7003 series | 2.8 |
| H12 – H12DSi-N6/NT6 – EPYC 7002/7003 series | 3.0 |
Updates for products of Thomas-Krenn
Updates for the corresponding system can be found in the download area of Thomas-Krenn. The updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.
If you require the latest version for your system and it is not yet available in our download area, you can get it at Asus or Supermicro.
References
Asus or Supermicro
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
- ↑ Unauthorized Access to AMD Secure Processor’s Crypto-Co-Processor - June 2025 (www.amd.com/en/resources/product-security, 10.06.2025)
- ↑ AMD Security Bulletin AMD-SB-7039, Juni 2025 (www.supermicro.com)
