CVE-2023-31324
7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD Radeon™ RX 5000 Series Graphics Products | AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10) | unaffected |
| AMD | AMD Radeon™ PRO W5000 Series Graphics Products | AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10) | unaffected |
| AMD | AMD Instinct™ MI210 | ROCm 6.4 | unaffected |
| AMD | AMD Instinct™ MI250 | ROCm 6.4 | unaffected |
| AMD | AMD Instinct™ MI300A | ROCm 6.4 | unaffected |
| AMD | AMD Instinct™ MI300X | ROCm 6.4 | unaffected |
Weaknesses
- CWE-367: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.