AMD Satellite Management Controller Denial-of-Service Vulnerability via Redfish API Manipulation

Vulnerability

A denial-of-service vulnerability has been identified in the Satellite Management Controller (SMC) of AMD Instinct MI300X accelerators. The issue arises from improper input validation, which may allow an attacker with privileges to send manipulated Redfish API commands containing certain special characters. Such commands can cause service processes, such as OpenBMC, to crash and reset, leading to a potential denial-of-service condition.

Impact

Exploitation of this vulnerability can cause service processes to crash and reset, disrupting normal operations and potentially leading to a denial-of-service condition.

Remediation

Users are advised to update AMD Instinct MI300X accelerators to version BKC 24.10 or later.

Added: Sep 23, 2025, 10:20 PM
Updated: Sep 23, 2025, 10:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.