Vulnerabilities > CVE-2020-6102 - Out-of-bounds Write vulnerability in AMD Radeon Directx 11 Driver Atidxx64.Dll 26.20.15019.19000

CVSS 9.9 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

amd

CWE-787

critical

NVD

Published: 2020-07-20

Updated: 2022-04-27

Summary

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly).

Vulnerable Configurations

Part	Description	Count
Application	Amd AMD Radeon Directx 11 Driver Atidxx64.Dll 26.20.15019.19000	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1042