Vulnerabilities > CVE-2019-5049 - Out-of-bounds Write vulnerability in AMD products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

amd

CWE-787

critical

NVD

Published: 2019-10-31

Updated: 2019-11-07

Summary

An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Vulnerable Configurations

Part	Description	Count
OS	Amd AMD Radeon RX 550 Firmware 25.20.15031.5004 AMD Radeon RX 550 Firmware 25.20.15031.9002 AMD Radeon 550 Firmware 25.20.15031.5004 AMD Radeon 550 Firmware 25.20.15031.9002 AMD Radeon RX 550X Firmware 25.20.15031.5004 AMD Radeon RX 550X Firmware 25.20.15031.9002	6
Hardware	Amd AMD Radeon RX 550 - AMD Radeon 550 - AMD Radeon RX 550X -	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Talos

id	TALOS-2019-0818
last seen	2019-11-09
published	2019-09-16
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0818
title	AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818