CVE-2023-31324
Last modified
CVE-2023-31324 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.. EPSS estimates a 0.10% chance of exploitation in the next 30 days.
Description
A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Amd | Rocm | < 6.2.0 |
| Amd | Radeon Software | < 25.q2 |
| Amd | Radeon Pro Vii Firmware | All versions |
| Amd | Radeon Software | < 24.6.1 |
| Amd | Radeon Vii Firmware | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-31324?
How severe is CVE-2023-31324?
How do I fix CVE-2023-31324?
Are you affected by CVE-2023-31324?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST