26.20.13031.18002

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

amd

CWE-843

critical

NVD

Published: 2020-01-25

Updated: 2020-01-30

Summary

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Vulnerable Configurations

Part	Description	Count
Application	Amd AMD Atidxx64 26.20.13031.10003 AMD Atidxx64 26.20.13031.15006 AMD Atidxx64 26.20.13031.18002	3
Application	Vmware Vmware Workstation 15.0	1

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Talos

id	TALOS-2019-0964
last seen	2020-02-10
published	2020-01-21
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0964
title	AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964