CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6102
https://notcve.org/view.php?id=CVE-2020-6102
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad Shader del Driver atidxx64.dll de AMD Radeon DirectX 11 versión 26.20.15019.19000. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1042 • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6101
https://notcve.org/view.php?id=CVE-2020-6101
An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad Shader del Driver atidxx64.dll de AMD Radeon DirectX 11 versión 26.20.15019.19000. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1041 • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6100
https://notcve.org/view.php?id=CVE-2020-6100
An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability potentially could be triggered from guest machines running virtualization environments (ie. VMware, qemu, VirtualBox etc.) in order to perform guest-to-host escape - as it was demonstrated before (TALOS-2018-0533, TALOS-2018-0568, etc.). • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1040 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7246
https://notcve.org/view.php?id=CVE-2019-7246
An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. Se ha detectado un problema en la biblioteca atillk64.sys en AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility versión 5.11.9.0. El controlador vulnerable expone una instrucción wrmsr y no filtra apropiadamente el Model Specific Register (MSR). • https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2019-0015/FEYE-2019-0015.md •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7247
https://notcve.org/view.php?id=CVE-2019-7247
An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. Se detectó un problema en la biblioteca AODDriver2.sys en AMD OverDrive. El controlador vulnerable expone una instrucción wrmsr por medio de IOCTL 0x81112ee0 y no filtra apropiadamente el Model Specific Register (MSR). • https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2019-0014/FEYE-2019-0014.md •