CVE-2023-31324 PUBLISHED

Assigner: AMD
Reserved: 27.04.2023 Published: 11.02.2026 Updated: 11.02.2026

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
CVSS Score: 7.1

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	Low	Confidentiality	Low
Attack Complexity	High	Integrity	High	Integrity	High
Attack Requirements	None	Availability	Low	Availability	Low
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD Radeon™ RX 5000 Series Graphics Products
Versions	Default: affected Version AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10) is unaffected

Vendor	AMD
Product	AMD Radeon™ PRO W5000 Series Graphics Products
Versions	Default: affected Version AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10) is unaffected

Vendor	AMD
Product	AMD Instinct™ MI210
Versions	Default: affected Version ROCm 6.4 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI250
Versions	Default: affected Version ROCm 6.4 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI300A
Versions	Default: affected Version ROCm 6.4 is unaffected

Vendor	AMD
Product	AMD Instinct™ MI300X
Versions	Default: affected Version ROCm 6.4 is unaffected

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html

Problem Types

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition CWE