Vulnerability Description
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Rocm | < 6.2.0 |
| Amd | Instinct Mi210 | - |
| Amd | Instinct Mi250 | - |
| Amd | Instinct Mi300A | - |
| Amd | Instinct Mi300X | - |
| Amd | Radeon Software | < 25.q2 |
| Amd | Radeon Pro W5500 | - |
| Amd | Radeon Pro W5500X | - |
| Amd | Radeon Pro W5700 | - |
| Amd | Radeon Pro W5700X | - |
| Amd | Radeon Rx 5300 | - |
| Amd | Radeon Rx 5300 Xt | - |
| Amd | Radeon Rx 5300M | - |
| Amd | Radeon Rx 5500 | - |
| Amd | Radeon Rx 5500 Xt | - |
| Amd | Radeon Rx 5500M | - |
| Amd | Radeon Rx 5600 | - |
| Amd | Radeon Rx 5600 Xt | - |
| Amd | Radeon Rx 5600M | - |
| Amd | Radeon Rx 5700 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2023-20548?
CVE-2023-20548 is a vulnerability with a CVSS score of 7.8 (HIGH). A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
How severe is CVE-2023-20548?
CVE-2023-20548 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20548?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Rocm, Amd Instinct Mi210, Amd Instinct Mi250, Amd Instinct Mi300A, Amd Instinct Mi300X.