CVE-2023-31324
Awaiting Analysis Awaiting Analysis - Queue
TOCTOU Race Condition in AMD Secure Processor Risks Data Integrity

Publication date: 2026-02-11

Last updated on: 2026-03-05

Assigner: Advanced Micro Devices Inc.

Description
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-03-05
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2023-31324
EUVD
EUVD-2023-35635
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
amd rocm to 6.2.0 (exc)
amd radeon_software to 25.q2 (exc)
amd radeon_pro_vii_firmware *
amd radeon_software to 24.6.1 (exc)
amd radeon_vii_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

I don't know

Mitigation Strategies

I don't know

Executive Summary

This vulnerability is a Time-of-check time-of-use (TOCTOU) race condition found in the AMD Secure Processor (ASP). It allows an attacker to modify commands related to the External Global Memory Interconnect Trusted Agent (XGMI TA) while they are being processed.

Because of this race condition, the attacker could potentially cause a loss of confidentiality, integrity, or availability of the system.

Impact Analysis

The impact of this vulnerability could be significant as it may lead to loss of confidentiality, integrity, or availability of the affected system.

  • Loss of confidentiality means sensitive information could be exposed.
  • Loss of integrity means data or commands could be altered maliciously.
  • Loss of availability means the system or services could be disrupted or made unavailable.
Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-31324. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart