The Red Hat AI Inference Server 3.2.2 (ROCm) product is impacted by a set of nine vulnerabilities (including CVE-2026-3497) covering multiple common weakness enumerations such as CWE-824 (Access of Resource Using Incompatible Type), CWE-125 (Out-of-bounds Read), CWE-88 (Argument Injection or Modification), CWE-190 (Integer Overflow or Wraparound), CWE-122 (Heap-based Buffer Overflow), CWE-825 (Expanding Buffer), CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-617 (Reachable Assertion), and CWE-501 (Trust Boundary Violation). The advisory references the release of version 3.2.2 but does not explicitly confirm patch availability or remediation details in the provided text. The product is not a cloud service, and no known exploits have been reported in the wild. The vulnerabilities are rated with high severity by the source.

The vulnerabilities collectively pose a high severity risk to the affected Red Hat AI Inference Server 3.2.2 (ROCm) deployments. Potential impacts include unauthorized memory access, resource exhaustion, and possible denial of service or other security breaches related to improper input handling and memory management. However, no active exploitation has been reported to date.

Patch status is not yet confirmed — check the official Red Hat advisory at https://access.redhat.com/errata/RHSA-2026:19725 for current remediation guidance. The advisory mentions the availability of Red Hat AI Inference Server 3.2.2 (ROCm) but does not explicitly confirm if this version contains fixes for the listed CVEs. Users should monitor Red Hat Product Security communications and apply updates as recommended once official patches or fixes are confirmed.