What is the CVSS score of CVE-2023-31324?

CVE-2023-31324 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Radeon Pro Vii Firmware are affected by CVE-2023-31324?

CVE-2023-31324 affects ROCm GPU software and allows attackers to manipulate trusted GPU memory interconnect commands, potentially compromising systems using AMD ROCm for compute workloads.

How to fix or mitigate CVE-2023-31324?

Within 24 hours: Inventory all systems running ROCm and assess exposure in production environments. Within 7 days: Implement network segmentation to isolate ROCm-enabled systems and restrict GPU workload sources to trusted internal networks only. Within 30 days: Establish continuous monitoring for ROCm updates and vendor patch releases; evaluate alternative GPU frameworks if risk tolerance is low and patches remain unavailable.

Radeon Pro Vii Firmware CVE-2023-31324

HIGH

Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

2026-02-11 psirt@amd.com

Race Condition Radeon Pro Vii Firmware Radeon Software Radeon Vii Firmware Rocm

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 11, 2026 - 15:16 nvd

HIGH 7.8

DescriptionNVD

A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.

AnalysisAI

Rocm contains a vulnerability that allows attackers to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as t (CVSS 7.8).

Technical ContextAI

affects Rocm. A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in loss of confidentiality, integrity, or availability.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2023-31324 vulnerability details – vuln.today

Back

Radeon Pro Vii Firmware CVE-2023-31324

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code