AMD Satellite Management Controller Redfish API Improper Input Validation Vulnerability Allowing File Removal

Vulnerability

A vulnerability exists in the Satellite Management Controller (SMC) of AMD Instinct MI300X accelerators, specifically within the Redfish API. This vulnerability arises from improper input validation, which may enable an attacker with privileges to manipulate Redfish API commands. Exploitation of this vulnerability could lead to the removal of files from the local root directory, potentially causing data corruption.

Impact

Exploitation of this vulnerability could result in unauthorized file removal from the root directory, leading to data corruption.

Remediation

Users are advised to update AMD Instinct MI300X accelerators to version BKC 24.10 or later.

Added: Sep 23, 2025, 10:19 PM
Updated: Sep 23, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.