Description
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.
Published: 2026-05-15
Score: 1.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A time‑of‑check to time‑of‑use race condition in AMD graphics interfaces allows an attacker to repeatedly load registers, creating a race that may corrupt register values and cause loss of integrity. The weakness is classified as CWE‑367, indicating a race condition that could lead to inconsistent or unintended state changes in the graphics subsystem.

Affected Systems

Affected systems include a wide range of AMD products such as the Athlon 3000 Series Desktop and Mobile processors, the Instinct MI210 and MI250 accelerators, Radeon PRO V520, V620, VII, W5000 and W6000 series, WX 8000/9000 series, RX 5000 and RX 6000 series, Vega series, Radeon VII, Ryzen 3000 Series Mobile, and several Ryzen Embedded R1‑, R2‑, and V1000 series processors. No specific version information has been provided; all listed product families are considered affected.

Risk and Exploitability

The CVSS score of 1.8 indicates a low overall severity, and the EPSS score is not available, meaning the likelihood of exploitation is currently unknown. The vulnerability is not listed in the CISA KEV catalog, further suggesting a lower exploitation probability. Based on the description, it is inferred that a local user with the ability to perform privileged writes to the GPU registers could trigger the race condition; no remote exploitation vector is documented.

Generated by OpenCVE AI on May 15, 2026 at 04:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest AMD BIOS or firmware releases that address the graphics register handling bug
  • Apply the principle of least privilege by restricting which processes or services can access or modify GPU registers
  • If the integrated graphics or specific GPU device is not required, consider disabling or isolating it to remove the vulnerable race condition from the attack surface

Generated by OpenCVE AI on May 15, 2026 at 04:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Time‑Of‑Check to Time‑Of‑Use Race Condition in AMD Graphics Interface

Fri, 15 May 2026 03:00:00 +0000

Type Values Removed Values Added
Description A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.
Weaknesses CWE-367
References
Metrics cvssV4_0

{'score': 1.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-15T13:20:55.905Z

Reserved: 2022-01-21T17:20:55.780Z

Link: CVE-2022-23826

cve-icon Vulnrichment

Updated: 2026-05-15T13:20:52.816Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-15T03:16:20.220

Modified: 2026-05-15T14:10:17.083

Link: CVE-2022-23826

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T04:30:36Z

Weaknesses