AMD GPU Driver TOCTOU: Register Load Race Condition
CVE-2022-23826 Published on May 15, 2026

A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.

NVD

Weakness Type

What is a TOCTTOU Vulnerability?

The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.

CVE-2022-23826 has been classified to as a TOCTTOU vulnerability or weakness.


Affected Versions

AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics: AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics: AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics: AMD Ryzen™ Embedded R1000 Series Processors: AMD Ryzen™ Embedded R2000 Series Processors: AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge"): AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Picasso"): AMD Radeon™ RX 5000 Series Graphics Products: AMD Radeon™ PRO W5000 Series Graphics Products: AMD Radeon™ RX 6000 Series Graphics Products: AMD Radeon™ VII: AMD Radeon™ RX Vega Series Graphics Cards: AMD Radeon™ PRO W6000 Series Graphics Product: AMD Radeon™ PRO W6000 Series Graphics Products: AMD Radeon™ PRO WX 8000/9000 Series Graphics Cards: AMD Radeon™ PRO VII: AMD Instinct™ MI250: AMD Instinct™ MI210: AMD Radeon™ Instinct™ MI25: AMD Radeon™ PRO V520: AMD Radeon™ PRO V620: