AMD Device Metrics Exporter Unrestricted IP Address Binding Vulnerability Allowing Unauthorized GPU Configuration Changes

Vulnerability

A vulnerability exists in the AMD Device Metrics Exporter, part of the ROCm ecosystem, due to unrestricted IP address binding. This issue allows remote, unauthenticated attackers to access the GPU-Agent gRPC server on port 50061, exposed on all network interfaces by default. The vulnerability is present only in Debian package deployments, not in Docker or Kubernetes environments. Exploitation could lead to unauthorized modifications of GPU configurations, potentially causing disruptions in availability.

Impact

Exploitation of this vulnerability could result in unauthorized changes to GPU configurations, disrupting availability.

Remediation

Users are advised to upgrade to version 1.4.1.2 for ROCm 7.1.x or version 1.4.0.1 for ROCm 7.0.x. For those on older ROCm releases, it is recommended to isolate the process within a network namespace or apply external firewall rules to restrict access.
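To confirm whether a host is affected, or that a mitigation took effect, the bind address of the listener on port 50061 can be checked. The following is an added example, not code from AMD or from the original advisory: it parses the output of `ss -H -ltn` and classifies each listener on the GPU-Agent port as wildcard, loopback or bound to a specific address. The function names and sample lines are constructed for illustration.

```python
import ipaddress

GPU_AGENT_PORT = 50061  # GPU-Agent gRPC port named in the advisory

# Constructed samples of `ss -H -ltn` output (not captured from a real host).
SAMPLE_VULNERABLE = """\
LISTEN 0      4096         0.0.0.0:50061      0.0.0.0:*
LISTEN 0      4096            [::]:50061         [::]:*
LISTEN 0      128    127.0.0.53%lo:53         0.0.0.0:*
"""
SAMPLE_RESTRICTED = """\
LISTEN 0      4096       127.0.0.1:50061      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
"""


def classify(addr):
    """Return 'wildcard', 'loopback' or 'specific' for a local bind address."""
    addr = addr.split("%", 1)[0].strip("[]")  # drop %scope and IPv6 brackets
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"


def listeners(ss_output, port=GPU_AGENT_PORT):
    """Return [(address, classification)] for each listener on `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or unrelated line
        addr, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            found.append((addr, classify(addr)))
    return found


def bound_beyond_loopback(ss_output, port=GPU_AGENT_PORT):
    """True if any listener on `port` is bound to more than loopback."""
    return any(kind != "loopback" for _, kind in listeners(ss_output, port))


if __name__ == "__main__":
    for name, sample in (("vulnerable", SAMPLE_VULNERABLE), ("restricted", SAMPLE_RESTRICTED)):
        print(name, listeners(sample), bound_beyond_loopback(sample))
```

A wildcard result only describes the bind address; whether the port is reachable from other hosts also depends on any firewall rules or network namespace in front of it.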

Added: May 15, 2026, 5:21 AM
Updated: May 15, 2026, 5:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 7.4
remediation: 0.0
relevance: 8.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.