Improper Privilege Management Affecting amdsmi package, versions [,6.1.2)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Improper Privilege Management vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-PYTHON-AMDSMI-8145544
- published2 Oct 2024
- disclosed1 Oct 2024
- creditUnknown
Introduced: 1 Oct 2024
CVE NOT AVAILABLE CWE-269 (opens in a new tab)How to fix?
Upgrade amdsmi to version 6.1.2 or higher.
Overview
amdsmi is an AMDSMI Python LIB - AMD GPU Monitoring Library
Affected versions of this package are vulnerable to Improper Privilege Management via the amdsmi_set_gpu_process_isolation and amdsmi_set_gpu_clear_sram_data due to improper handling of root-required operations for process isolation and SRAM data clearing. Attackers could exploit misconfigured permissions to gain unauthorized access or manipulate GPU processes.
Note:
This vulnerability is specific to systems where these features are enabled without adequate security measures.
Workaround
This vulnerability can be mitigated by ensuring proper configuration of permissions and restricting root access to trusted users only.