CVE-2023-20548

Summary

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Radeon™ RX 5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)unaffected
AMDAMD Radeon™ PRO W5000 Series Graphics ProductsAMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)unaffected
AMDAMD Radeon™ VIINo fix plannedunaffected
AMDAMD Radeon™ PRO VIINo fix plannedunaffected
AMDAMD Instinct™ MI210ROCm 6.2unaffected
AMDAMD Instinct™ MI250ROCm 6.2unaffected
AMDAMD Instinct™ MI300XROCm 6.2unaffected
AMDAMD Instinct™ MI300AROCm 6.2unaffected

Weaknesses

  • CWE-367: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References