CVE-2026-0481

Received

Published: 15 May 2026, 03:04

Last modified:15 May 2026, 03:04

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.2 CRITICAL

v4.0 (cve.org)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

15 May 2026, 03:04

Published

Vulnerability first disclosed

Description

Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability

CVSS Metrics

v4.0•CRITICAL•Score: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
v4.0•CRITICAL•Score: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Techniques & Countermeasures

CWE-1327•Binding to an Unrestricted IP Address
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.

References (1)

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6031.html