Unrestricted IP Address Binding in AMD Device Metrics Exporter
CVE-2026-0481

9.2CRITICAL

Key Information:

Vendor: Amd
Status: Amd Instinct™ Mi210; Amd Instinct™ Mi250; Amd Instinct™ Mi300a; Amd Instinct™ Mi300x
Vendor: CVE Published:; 15 May 2026

What is CVE-2026-0481?

The AMD Device Metrics Exporter in the ROCm ecosystem is vulnerable to unrestricted IP address binding. This flaw permits remote attackers to manipulate GPU configurations without proper authorization, which can lead to significant disruptions in service availability. Organizations utilizing AMD's solutions should review their security practices to prevent potential abuse of this vulnerability.

Affected Version(s)

AMD Instinct™ MI210 DME v1.4.1.2 and v1.4.0.1

AMD Instinct™ MI250 DME v1.4.1.2 and v1.4.0.1

AMD Instinct™ MI250X DME v1.4.1.2 and v1.4.0.1

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
Dec 6, 2025

CVE-2026-0481 Data

JSON

Amd

What is CVE-2026-0481?

Affected Version(s)

References

CVSS V4

Timeline