CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12926
https://notcve.org/view.php?id=CVE-2020-12926
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device because the power must be repeatedly turned on and off. This potential attack may be used to change confidential information, alter executables signed by key material in the TPM, or create a denial of service of the device. Es posible que el software de referencia Trusted Platform Modules (TPM) no rastree correctamente la cantidad de veces que ocurre un apagado fallido. • https://www.amd.com/en/corporate/product-security • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12911
https://notcve.org/view.php?id=CVE-2020-12911
A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad del manejador D3DKMTCreateAllocation de AMD ATIKMDAG.SYS (por ejemplo, versión 26.20.15029.27017). Una petición de la API de D3DKMTCreateAllocation especialmente diseñada puede causar una lectura fuera de límites y una denegación de servicio (BSOD). • https://www.amd.com/en/corporate/product-security • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12928
https://notcve.org/view.php?id=CVE-2020-12928
A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. Una vulnerabilidad en un controlador AMD cargado dinámicamente en AMD Ryzen Master versión V15, puede permitir a cualquier usuario autenticado escalar privilegios a NT authority system • https://www.amd.com/en/corporate/product-security • CWE-749: Exposed Dangerous Method or Function •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12933
https://notcve.org/view.php?id=CVE-2020-12933
A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account. Se presenta una vulnerabilidad de denegación de servicio en la funcionalidad del manejador D3DKMTEscape de AMD ATIKMDAG.SYS (por ejemplo, versión 26.20.15029.27017). Una petición de la API de D3DKMTEscape especialmente diseñada puede causar una lectura fuera de límites en el área de memoria del kernel del Sistema Operativo Windows. • https://www.amd.com/en/corporate/product-security • CWE-125: Out-of-bounds Read •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6103
https://notcve.org/view.php?id=CVE-2020-6103
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad Shader del Driver atidxx64.dll de AMD Radeon DirectX 11 versión 26.20.15019.19000. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1043 • CWE-787: Out-of-bounds Write •