Vulnerability in Amd Instinct™ Mi210

CVE-2023-20548

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.000 (0.5th percentile) — read the EPSS interpretation.

Affected products

Amd Instinct™ Mi210 — versions ROCm 6.2
Amd Instinct™ Mi250 — versions ROCm 6.2
Amd Instinct™ Mi300a — versions ROCm 6.2
Amd Instinct™ Mi300x — versions ROCm 6.2
Amd Radeon™ Pro Vii — versions No fix planned
Amd Radeon™ Pro W5000 Series Graphics Products — versions AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
Amd Radeon™ Rx 5000 Series Graphics Products — versions AMD Software: Adrenalin Edition 25.6.1 (25.10.13.01), AMD Software: PRO Edition 25.Q2 (25.10.10)
Amd Radeon™ Vii — versions No fix planned

Weakness classification (CWE)

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition

References

www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html