PT-2020-11102 · Vmware+1 · Vmware+1
Published
2020-01-25
·
Updated
2020-01-30
·
CVE-2019-5183
CVSS v3.1
9.0
Critical
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AMD ATIDXX64.DLL driver versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002
Description
A type confusion issue exists in the AMD ATIDXX64.DLL driver, which can be triggered by a specially crafted pixel shader, potentially leading to code execution. An attacker can exploit this issue by providing a specially crafted shader file. This vulnerability can be triggered from a VMware guest, affecting the VMware host.
Recommendations
For versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002, consider disabling the use of specially crafted pixel shaders until a patch is available.
Restrict access to shader files to minimize the risk of exploitation.
Avoid using the AMD ATIDXX64.DLL driver in VMware guest environments until the issue is resolved.
Fix
Type Confusion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amd Atidxx64.Dll
Vmware