CRITICALCVE-2026-0481Published Modified CNA AMD
CVE-2026-0481: Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability
Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability
Metrics
- CVSS v4.0
- 9.2
- Severity
- CRITICAL
- Fixed in
- DME v1.4.1.2 and v1.4.0.1
- Affected Products
- 9
Fix available
DME v1.4.1.2 and v1.4.0.1
Affected packages
- AMD / AMD Instinct™ MI210Fixed in DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI250Fixed in DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI300AFixed in DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI300XFixed in DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI325XFixed in DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI350XFixed in DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI355XFixed in DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI308XFixed in DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI250XFixed in DME v1.4.1.2 and v1.4.0.1
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:HReferences