CVE-2019-5098

Published: Dec 5, 2019Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Affected (3)

Products: Vmware: Workstation · Amd: Radeon Rx 550 Firmware, Radeon 550 Firmware

Vmware

1 product

Workstation

Amd

2 products

Radeon Rx 550 Firmware

Radeon 550 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vmware Workstation	Version 15.0.0

Running on/with	Platform Versions
Microsoft Windows 10	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Radeon Rx 550 Firmware	Version 26.20.13001.29010

Running on/with	Platform Versions
Amd Radeon Rx 550	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amd Radeon 550 Firmware	Version 26.20.13001.29010

Running on/with	Platform Versions
Amd Radeon 550	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0890

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0890

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.