This advisory concerns multiple vulnerabilities in Red Hat AI Inference Server 3.2.2 (CUDA), identified by nine CVEs including CVE-2026-3497. The vulnerabilities involve various common weaknesses such as CWE-824 (Access of Uninitialized Pointer), CWE-125 (Out-of-bounds Read), CWE-88 (Argument Injection or Modification), CWE-190 (Integer Overflow), CWE-122 (Heap-based Buffer Overflow), CWE-825 (Expanding Buffer Overflow), CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-617 (Reachable Assertion), and CWE-501 (Trust Boundary Violation). Despite the release of version 3.2.2, the advisory states no fixes are included for these issues. No CVSS scores are provided. The product is not cloud-hosted, so remediation depends on vendor patching. No known exploits have been reported.

The vulnerabilities collectively represent a high severity risk due to potential memory safety issues such as buffer overflows and integer overflows, which could lead to denial of service or other unintended behavior. However, no known exploits are currently reported in the wild. The lack of available patches means these issues remain unmitigated in the affected versions. The impact is limited to deployments of Red Hat AI Inference Server 3.2.2 (CUDA) on affected architectures (amd64 and arm64).

The vendor advisory for Red Hat AI Inference Server 3.2.2 (CUDA) explicitly states that no fixes are currently provided for the listed CVEs. Therefore, no official patch or remediation is available at this time. Users should monitor Red Hat Product Security advisories for updates or future patches addressing these vulnerabilities. Until a fix is released, consider risk acceptance or applying any available workarounds documented by Red Hat if applicable. No additional vendor-recommended mitigations are provided in the advisory.