FKIE_CVE-2023-31324

Vulnerability from fkie_nvd - Published: 2026-02-11 15:16 - Updated: 2026-03-05 17:45
Severity
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
References
psirt@amd.comhttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.htmlVendor Advisory
Impacted products
Vendor Product Version
amd rocm *
amd instinct_mi210 -
amd instinct_mi250 -
amd instinct_mi300a -
amd instinct_mi300x -
amd radeon_software *
amd radeon_pro_w5500 -
amd radeon_pro_w5500x -
amd radeon_pro_w5700 -
amd radeon_pro_w5700x -
amd radeon_pro_vii_firmware -
amd radeon_pro_vii -
amd radeon_software *
amd radeon_rx_5300 -
amd radeon_rx_5300_xt -
amd radeon_rx_5300m -
amd radeon_rx_5500 -
amd radeon_rx_5500_xt -
amd radeon_rx_5500m -
amd radeon_rx_5600 -
amd radeon_rx_5600_xt -
amd radeon_rx_5600m -
amd radeon_rx_5700 -
amd radeon_rx_5700_xt -
amd radeon_rx_5700m -
amd radeon_vii_firmware -
amd radeon_vii -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:amd:rocm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "280118E2-8D8C-4EF8-B36C-6C0AE6BF5D66",
              "versionEndExcluding": "6.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:amd:instinct_mi210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "484DB840-505D-42F6-A501-A949DA92F8DB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:instinct_mi250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "962D7BFE-F21D-4F6B-847A-B8928FD5B285",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:instinct_mi300a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D71A1D3-6B0E-47A9-8FC8-865FE99ED0C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:instinct_mi300x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26D059FC-E022-4A9E-9B58-E5C32FF27654",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "AF47222B-FCB3-4C00-AAB1-AD61671054D3",
              "versionEndExcluding": "25.q2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27D5FA49-D783-4DA5-AAED-F3BE3B4DA16D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w5500x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8E9065-121A-4220-A631-3B3EB43B2AAB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39052CC-CC5F-4782-9CCE-2F5C8342AD79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_w5700x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE2D18A-955A-4415-A5B2-18258C0277B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:amd:radeon_pro_vii_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27491F29-F676-4442-92A0-57920D2E0BAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:amd:radeon_pro_vii:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00F476B3-DBA8-4857-A78D-357D19DECD1A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*",
              "matchCriteriaId": "8B95FEA4-F26E-45B0-9663-CF6730DB8400",
              "versionEndExcluding": "24.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9995FBE-D440-45BA-86B5-1CFADF5BEE2B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6289D311-1997-47E7-B8D9-75C27CD0B9D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5300m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "02AA337B-595F-4859-A82A-DEC7BB346773",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C7F0F81-2896-4E79-AC16-EA6AA9EBE7B3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F08BE928-65AA-4E21-A8F0-D013C8FFB693",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5500m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1952152-A184-4FC9-B1CC-008B8238B5ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B2BEAF-AA1F-414D-A3DF-348B1033CAC8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D51EA58C-3684-4567-A213-9351F2E521B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5600m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0026781-F1DA-4533-870E-BCA14CFC7005",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27B8E08F-2DAC-41CF-9105-D9A4FDDEE19A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB84A38-F651-44CB-93EF-502F1A197FBA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:amd:radeon_rx_5700m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CEDC946-3685-4533-8D97-BDBDFB7AACBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:amd:radeon_vii_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCA58AA-6BFB-4293-A5D2-ED44C4DA5C94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:amd:radeon_vii:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE4CB07-9CC2-41E5-9964-078BB1E8A00D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability."
    },
    {
      "lang": "es",
      "value": "Una condici\u00f3n de carrera de tiempo de verificaci\u00f3n y tiempo de uso (TOCTOU) en el AMD Secure Processor (ASP) podr\u00eda permitir a un atacante modificar comandos del Agente de Confianza de Interconexi\u00f3n de Memoria Global Externa (XGMI TA) mientras se procesan, lo que podr\u00eda resultar en la p\u00e9rdida de confidencialidad, integridad o disponibilidad."
    }
  ],
  "id": "CVE-2023-31324",
  "lastModified": "2026-03-05T17:45:32.873",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "psirt@amd.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-11T15:16:11.487",
  "references": [
    {
      "source": "psirt@amd.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html"
    }
  ],
  "sourceIdentifier": "psirt@amd.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "psirt@amd.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.