CVE-2020-12891

Published: Feb 4, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.

Affected (2)

Products: Amd: Radeon Pro Software, Radeon Software

Amd

2 products

Radeon Pro Software

Radeon Software

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Amd Radeon Pro Software	Before 21.q2
Amd Radeon Software	Before 21.4.1

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000

Source: psirt@amd.com

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.