Cyber Resilience

CVE-2023-31324

High

Published: 11 February 2026

Published
11 February 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0001 0.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-31324 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Amd Radeon Software. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-31324 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in the AMD Secure Processor (ASP). It affects the External Global Memory Interconnect Trusted Agent (XGMI TA) commands during processing, potentially leading to loss of confidentiality, integrity, or availability. The vulnerability is classified under CWE-367 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity with local access required, high attack complexity, low privileges needed, no user interaction, and changed scope with high impacts across confidentiality, integrity, and availability.

A local attacker with low privileges could exploit this race condition by modifying XGMI TA commands in the ASP as they are processed. The high attack complexity arises from the need to precisely time the TOCTOU window. Successful exploitation could result in significant compromise, including unauthorized access to sensitive data (confidentiality loss), alteration of system resources (integrity loss), or denial of critical services (availability loss), all within a scope that extends beyond the vulnerable component.

AMD has published a product security bulletin at https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html addressing this issue, which security practitioners should consult for details on affected products, patch availability, and recommended mitigations.

EU & UK References

Vulnerability details

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

TOCTOU race condition in AMD Secure Processor allows local low-privileged attacker to modify trusted commands, directly enabling exploitation for privilege escalation with high impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-20548Same product: Amd Instinct Mi210
CVE-2024-53028Shared CWE-367
CVE-2026-41651Shared CWE-367
CVE-2026-41702Shared CWE-367
CVE-2026-27750Shared CWE-367
CVE-2026-21240Shared CWE-367
CVE-2026-45208Shared CWE-367
CVE-2024-45560Shared CWE-367
CVE-2024-53032Shared CWE-367
CVE-2026-20831Shared CWE-367

Affected Assets

amd
rocm
≤ 6.2.0
amd
radeon software
≤ 25.q2 · ≤ 24.6.1
amd
radeon pro vii firmware
all versions
amd
radeon vii firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the TOCTOU race condition vulnerability in the AMD Secure Processor by applying vendor-provided patches and updates.

prevent

Prevents unauthorized modification of XGMI TA commands via shared system resources exploited by the time-of-check to time-of-use race condition.

prevent

Implements memory protection to restrict low-privilege local attacker modifications to memory regions holding XGMI TA commands during processing.

References