CVE-2022-23826 - Vulnerability Details - OpenCVE

A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.

Attack Vector Local

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html

History

Fri, 15 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 15 May 2026 04:45:00 +0000

Type	Values Removed	Values Added
Title		Time‑Of‑Check to Time‑Of‑Use Race Condition in AMD Graphics Interface

Fri, 15 May 2026 03:00:00 +0000

Type	Values Removed	Values Added
Description		A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.
Weaknesses		CWE-367
References		https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
Metrics		cvssV4_0 `{'score': 1.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2026-05-15T02:30:16.389Z

Updated: 2026-05-15T13:20:55.905Z

Reserved: 2022-01-21T17:20:55.780Z

Link: CVE-2022-23826

Vulnrichment

Updated: 2026-05-15T13:20:52.816Z

NVD

Status : Awaiting Analysis

Published: 2026-05-15T03:16:20.220

Modified: 2026-05-15T14:10:17.083

Link: CVE-2022-23826

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T04:30:36Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-23826", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-01-21T17:20:55.780Z", "datePublished": "2026-05-15T02:30:16.389Z", "dateUpdated": "2026-05-15T13:20:55.905Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-05-15T02:30:46.618Z"}, "datePublic": "2026-05-15T02:29:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "type": "CWE"}]}], "affected": [{"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5_1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedR2KPI-FP5_1.0.0.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5_1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Picasso\")", "versions": [{"status": "unaffected", "version": "120A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 VII", "versions": [{"status": "unaffected", "version": "AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 RX Vega Series Graphics Cards", "versions": [{"status": "unaffected", "version": "AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Product", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO WX 8000/9000 Series Graphics Cards", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO VII", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Instinct\u2122 MI250", "versions": [{"status": "unaffected", "version": "ROCm 6.4.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Instinct\u2122 MI210", "versions": [{"status": "unaffected", "version": "ROCm 6.4.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 Instinct\u2122 MI25", "versions": [{"status": "unaffected", "version": "Contact your AMD Customer Engineering representative"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO V520", "versions": [{"status": "unaffected", "version": "Contact your AMD Customer Engineering representative"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO V620", "versions": [{"status": "unaffected", "version": "Contact your AMD Customer Engineering representative"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.<br>"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "LOW", "baseScore": 1.8, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-15T13:20:50.340534Z", "id": "CVE-2022-23826", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-15T13:20:55.905Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-23826", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-01-21T17:20:55.780Z", "datePublished": "2026-05-15T02:30:16.389Z", "dateUpdated": "2026-05-15T13:20:55.905Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2026-05-15T02:30:46.618Z"}, "datePublic": "2026-05-15T02:29:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "type": "CWE"}]}], "affected": [{"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5_1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedR2KPI-FP5_1.0.0.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5_1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Picasso\")", "versions": [{"status": "unaffected", "version": "120A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: Adrenalin Edition 25.5.1 (25.10.01.09)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 VII", "versions": [{"status": "unaffected", "version": "AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 RX Vega Series Graphics Cards", "versions": [{"status": "unaffected", "version": "AMD Software: Adrenalin Edition 25.5.1 (23.19.23.01 pre-RDNA)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Product", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (25.10.10)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO WX 8000/9000 Series Graphics Cards", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO VII", "versions": [{"status": "unaffected", "version": "AMD Software: PRO Edition 25.Q2 (23.19.23.01 pre-RDNA)"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Instinct\u2122 MI250", "versions": [{"status": "unaffected", "version": "ROCm 6.4.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Instinct\u2122 MI210", "versions": [{"status": "unaffected", "version": "ROCm 6.4.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 Instinct\u2122 MI25", "versions": [{"status": "unaffected", "version": "Contact your AMD Customer Engineering representative"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO V520", "versions": [{"status": "unaffected", "version": "Contact your AMD Customer Engineering representative"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Radeon\u2122 PRO V620", "versions": [{"status": "unaffected", "version": "Contact your AMD Customer Engineering representative"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.<br>"}]}], "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "LOW", "baseScore": 1.8, "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "AMD PSIRT Automation 1.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-23826", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-15T13:20:50.340534Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-15T13:20:52.816Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity."}], "id": "CVE-2022-23826", "lastModified": "2026-05-15T14:10:17.083", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.8, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2026-05-15T03:16:20.220", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html"}, {"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "psirt@amd.com", "type": "Secondary"}]}