Vulnerability Description
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Rocm | < 6.2.0 |
| Amd | Instinct Mi210 | - |
| Amd | Instinct Mi250 | - |
| Amd | Instinct Mi300A | - |
| Amd | Instinct Mi300X | - |
| Amd | Radeon Software | < 25.q2 |
| Amd | Radeon Pro W5500 | - |
| Amd | Radeon Pro W5500X | - |
| Amd | Radeon Pro W5700 | - |
| Amd | Radeon Pro W5700X | - |
| Amd | Radeon Pro Vii Firmware | - |
| Amd | Radeon Pro Vii | - |
| Amd | Radeon Rx 5300 | - |
| Amd | Radeon Rx 5300 Xt | - |
| Amd | Radeon Rx 5300M | - |
| Amd | Radeon Rx 5500 | - |
| Amd | Radeon Rx 5500 Xt | - |
| Amd | Radeon Rx 5500M | - |
| Amd | Radeon Rx 5600 | - |
| Amd | Radeon Rx 5600 Xt | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2023-31324?
CVE-2023-31324 is a vulnerability with a CVSS score of 7.8 (HIGH). A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are...
How severe is CVE-2023-31324?
CVE-2023-31324 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31324?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Rocm, Amd Instinct Mi210, Amd Instinct Mi250, Amd Instinct Mi300A, Amd Instinct Mi300X.