diff --git a/changelog/security/2023-08-01-linux-firmware-20230625_p20230724.md b/changelog/security/2023-08-01-linux-firmware-20230625_p20230724.md
new file mode 100644
index 00000000000..64d37e1302e
--- /dev/null
+++ b/changelog/security/2023-08-01-linux-firmware-20230625_p20230724.md
@@ -0,0 +1 @@
+- linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest
index ff46bac4dae..fa71770299b 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest
@@ -1 +1 @@
-DIST linux-firmware-20230625.tar.xz 280854212 BLAKE2B 8ad8ce864e2a7b7d542569f5171ae0a7d9b05a1d55a04c507dbfb1939a60507ac8275eef24a165814aca8fdf93e6dbf3f7fbeaf25a8f46f022ca47b7b512401d SHA512 0e48aa7f63495485426d37491c7cb61843165625bd47f912c5d83628c6de871759f1a78be3af3d651f7c396bd87dff07e21ba7afc47896c1c143106d5f16d351
+DIST linux-firmware-20230625_p20230724.tar.gz 441906566 BLAKE2B 5bed31d9ad78440bb12feeacb1ba27a07ad30b0eb8c7bfd03a4e7a7590012af1f9535a49fbf031abf79dd05ca90be79566f06db6f955910edfdca61281831c67 SHA512 daaf07422eb6f3e1b50f8a5dba5bfff747fe6750c0210ab798745f61d774eef7642ab45b9b404c668cf017d6b7fcf89c34bce9e6c77053b1b81f1a3498c5be18
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-20230625.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-20230625_p20230724.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-20230625.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-20230625_p20230724.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild
index 49f3564d48a..e562d2eed1b 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild
@@ -10,7 +10,7 @@ inherit linux-info savedconfig
 
 # In case this is a real snapshot, fill in commit below.
 # For normal, tagged releases, leave blank
-MY_COMMIT=
+MY_COMMIT="59fbffa9ec8e4b0b31d2d13e715cf6580ad0e99c"
 
 if [[ ${PV} == 99999999* ]]; then
 	inherit git-r3
@@ -18,6 +18,7 @@ if [[ ${PV} == 99999999* ]]; then
 else
 	if [[ -n "${MY_COMMIT}" ]]; then
 		SRC_URI="https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/snapshot/${MY_COMMIT}.tar.gz -> linux-firmware-${PV}.tar.gz"
+		S="${WORKDIR}/${MY_COMMIT}"
 	else
 		SRC_URI="https://mirrors.edge.kernel.org/pub/linux/kernel/firmware/linux-firmware-${PV}.tar.xz -> linux-firmware-${PV}.tar.xz"
 	fi
@@ -67,6 +68,11 @@ src_unpack() {
 		git-r3_src_unpack
 	else
 		default
+		# rename directory from git snapshot tarball
+		if [[ ${#MY_COMMIT} -gt 8 ]]; then
+			mv ${MY_COMMIT}/ linux-firmware-${PV} || die
+		fi
+
 		# Upstream linux-firmware tarball does not contain
 		# symlinks for cxgb4 firmware files, but "modinfo
 		# cxgb4.ko" shows it requires t?fw.bin files. These