CVE-2023-20548
Awaiting Analysis Awaiting Analysis - Queue
TOCTOU Race Condition in AMD Secure Processor Risks Memory Corruption

Publication date: 2026-02-11

Last updated on: 2026-03-05

Assigner: Advanced Micro Devices Inc.

Description
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-03-05
Generated
2026-05-07
AI Q&A
2026-02-11
EPSS Evaluated
2026-05-05
NVD
CVE-2023-20548
EUVD
EUVD-2023-24727
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
amd rocm to 6.2.0 (exc)
amd radeon_software to 25.q2 (exc)
amd radeon_software to 24.6.1 (exc)
amd radeon_vii_firmware *
amd radeon_pro_vii_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Time-of-check time-of-use (TOCTOU) race condition found in the AMD Secure Processor (ASP). It means that there is a timing issue where the system checks a condition and then uses the result of that check, but an attacker can exploit the time gap between these two actions to corrupt memory.

Such a race condition can allow an attacker to interfere with the normal operation of the processor, potentially leading to corrupted memory.


How can this vulnerability impact me? :

Exploitation of this vulnerability could result in loss of integrity, confidentiality, or availability of the system.

  • Loss of integrity means that data or system processes could be altered or corrupted.
  • Loss of confidentiality means sensitive information could be exposed to unauthorized parties.
  • Loss of availability means that system resources or services could be disrupted or made unavailable.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart