26.20.13031.18002

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

amd

vmware

CWE-843

NVD

Published: 2020-01-25

Updated: 2020-01-30

Summary

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Vulnerable Configurations

Part	Description	Count
Application	Amd AMD Atidxx64 26.20.13031.10003 AMD Atidxx64 26.20.13031.15006 AMD Atidxx64 26.20.13031.18002	3
Application	Vmware Vmware Workstation 15.0	1

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Talos

id	TALOS-2019-0964
last seen	2020-02-10
published	2020-01-21
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0964
title	AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964