Description
Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
High
Affected products
- AMD / AMD Instinct™ MI210DME v1.4.1.2 and v1.4.0.1 – DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI250DME v1.4.1.2 and v1.4.0.1 – DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI250XDME v1.4.1.2 and v1.4.0.1 – DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI300ADME v1.4.1.2 and v1.4.0.1 – DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI300XDME v1.4.1.2 and v1.4.0.1 – DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI308XDME v1.4.1.2 and v1.4.0.1 – DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI325XDME v1.4.1.2 and v1.4.0.1 – DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI350XDME v1.4.1.2 and v1.4.0.1 – DME v1.4.1.2 and v1.4.0.1
- AMD / AMD Instinct™ MI355XDME v1.4.1.2 and v1.4.0.1 – DME v1.4.1.2 and v1.4.0.1