CVE-2023-20548

Published: Feb 11, 2026Modified: Mar 5, 2026

7.1

Vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: psirt@amd.com (Secondary)

Description

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.

Affected (5)

Products: Amd: Rocm, Radeon Software, Radeon Vii Firmware, Radeon Pro Vii Firmware

4 products

Radeon Pro Vii Firmware

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Amd Rocm	Before 6.2.0

Running on/with	Platform Versions
Amd Instinct Mi210	All versions
Amd Instinct Mi250	All versions
Amd Instinct Mi300a	All versions
Amd Instinct Mi300x	All versions

Configuration B

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Amd Radeon Software	Before 25.q2

Running on/with	Platform Versions
Amd Radeon Pro W5500	All versions
Amd Radeon Pro W5500x	All versions
Amd Radeon Pro W5700	All versions
Amd Radeon Pro W5700x	All versions

Configuration C

1 vulnerable · 12 platform

Vulnerable Software	Affected Versions
Amd Radeon Software	Before 24.6.1

Running on/with	Platform Versions
Amd Radeon Rx 5300	All versions
Amd Radeon Rx 5300 Xt	All versions
Amd Radeon Rx 5300m	All versions
Amd Radeon Rx 5500	All versions
Amd Radeon Rx 5500 Xt	All versions
Amd Radeon Rx 5500m	All versions
Amd Radeon Rx 5600	All versions
Amd Radeon Rx 5600 Xt	All versions
Amd Radeon Rx 5600m	All versions
Amd Radeon Rx 5700	All versions
Amd Radeon Rx 5700 Xt	All versions
Amd Radeon Rx 5700m	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Radeon Vii Firmware	All versions

Running on/with	Platform Versions
Amd Radeon Vii	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Radeon Pro Vii Firmware	All versions

Running on/with	Platform Versions
Amd Radeon Pro Vii	All versions

Related CWEs

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (1)

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6024.html

Source: psirt@amd.com

Vendor Advisory

Timeline

No history available yet.