CVE-2023-31324
Awaiting Analysis
Awaiting Analysis - Queue
TOCTOU Race Condition in AMD Secure Processor Risks Data Integrity
Vulnerability report for CVE-2023-31324, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-02-11
Last updated on: 2026-03-05
Assigner: Advanced Micro Devices Inc.
Description
Description
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | rocm | to 6.2.0 (exc) |
| amd | radeon_software | to 25.q2 (exc) |
| amd | radeon_pro_vii_firmware | * |
| amd | radeon_software | to 24.6.1 (exc) |
| amd | radeon_vii_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |