CVE-2023-31324Time-of-check Time-of-use (TOCTOU) Race Condition in AMD Radeon Software

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 99.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AMD Radeon SoftwareAMD Rocm
Timeline
PublishedFeb 11

Description

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

Affected Packages2 packages

NVDamd/rocm< 6.2.0
NVDamd/radeon_software< 25.q2+1

🔴Vulnerability Details

2
CVEList
CVE-2023-31324: A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interco2026-02-11
GHSA
GHSA-j7v8-xc2j-g5q6: A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interco2026-02-11
CVE-2023-31324 — AMD Radeon Software vulnerability | cvebase