SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

Vulnerability Spotlight: Multiple vulnerabilities in some AMD graphics cards

By Piotr Bania, Cisco Talos

January 27, 2020

Multiple vulnerabilities exist in a driver associated with the AMD Radeon line of graphics cards. An attacker can exploit these bugs by providing a specially crafted shader file to the user while using

VMware Workstation 15. These attacks can be triggered from VMware guest usermode to cause a variety of errors, potentially allowing an attacker to cause a denial-of-service condition or gain the ability to remotely execute code.

In accordance with our coordinated disclosure policy, Cisco Talos worked with AMD and VMware to ensure that these issues are resolved and that
an update is available for affected customers.

Vulnerability details

AMD ATI Radeon ATIDXX64.DLL shader functionality constant buffer denial-of-service vulnerability (TALOS-2019-0913/CVE-2019-5124)


An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Read the complete vulnerability advisory
here for additional information.

AMD ATI Radeon ATIDXX64.DLL MOVC shader functionality denial-of-service vulnerability (TALOS-2019-0936/CVE-2019-5147)

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Read the complete vulnerability advisory
here for additional information.

AMD ATI Radeon ATIDXX64.DLL MAD shader functionality denial-of-service vulnerability (TALOS-2019-0937/CVE-2019-5146)

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Read the complete vulnerability advisory
here for additional information.

AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability (TALOS-2019-0964/CVE-2019-5183)

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Terms of Use | Copyright 2002 - 2020 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement