CVE-2026-0481

CVSS 9.2 CRITICALEPSS 0.3%CWE-1327

Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected products

AMD · AMD Instinct™ MI210 AMD · AMD Instinct™ MI250 AMD · AMD Instinct™ MI250X AMD · AMD Instinct™ MI300A AMD · AMD Instinct™ MI300X AMD · AMD Instinct™ MI308X AMD · AMD Instinct™ MI325X AMD · AMD Instinct™ MI350X AMD · AMD Instinct™ MI355X

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6031.html