ГлавнаяУязвимости → CVE-2023-31324
7.8высокая

CVE-2023-31324

Описание

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.

Затрагиваемое ПО
Amd RocmAmd Instinct mi210Amd Instinct mi250Amd Instinct mi300aAmd Instinct mi300xAmd Radeon softwareAmd Radeon pro w5500Amd Radeon pro w5500xAmd Radeon pro w5700Amd Radeon pro w5700xAmd Radeon pro vii firmwareAmd Radeon pro viiAmd Radeon rx 5300Amd Radeon rx 5300 xtAmd Radeon rx 5300mAmd Radeon rx 5500Amd Radeon rx 5500 xtAmd Radeon rx 5500mAmd Radeon rx 5600Amd Radeon rx 5600 xtAmd Radeon rx 5600mAmd Radeon rx 5700Amd Radeon rx 5700 xtAmd Radeon rx 5700mAmd Radeon vii firmware
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Источники
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html