CVE-2019-5049

Published: Oct 31, 2019Modified: Nov 21, 2024

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Affected (6)

Products: Amd: Radeon Rx 550 Firmware, Radeon 550 Firmware, Radeon Rx 550x Firmware

Amd

3 products

Radeon Rx 550 Firmware

Radeon 550 Firmware

Radeon Rx 550x Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Radeon Rx 550 Firmware	Version 25.20.15031.5004
Amd Radeon Rx 550 Firmware	Version 25.20.15031.9002

Running on/with	Platform Versions
Amd Radeon Rx 550	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Radeon 550 Firmware	Version 25.20.15031.5004
Amd Radeon 550 Firmware	Version 25.20.15031.9002

Running on/with	Platform Versions
Amd Radeon 550	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Radeon Rx 550x Firmware	Version 25.20.15031.5004
Amd Radeon Rx 550x Firmware	Version 25.20.15031.9002

Running on/with	Platform Versions
Amd Radeon Rx 550x	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818

Source: talos-cna@cisco.com

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.