Multiple vulnerabilities in AMD Radeon DirectX 11 Driver atidxx64.dll



Published: 2020-07-17
Risk Medium
Patch available NO
Number of vulnerabilities 4
CVE-ID CVE-2020-6100
CVE-2020-6103
CVE-2020-6102
CVE-2020-6101
CWE-ID CWE-787
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Radeon DirectX 11 Driver atidxx64.dll
Hardware solutions / Drivers

Vendor AMD

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU30324

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-6100

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the Shader functionality "MOV REG". A remote authenticated attacker can use a specially crafted shader file, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Radeon DirectX 11 Driver atidxx64.dll: 26.20.15019.19000

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2020-1040


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU30311

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-6103

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the Shader functionality "ROUND_NI". A remote authenticated attacker can use a specially crafted shader file, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Radeon DirectX 11 Driver atidxx64.dll: 26.20.15019.19000

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2020-1043


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU30307

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-6102

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the Shader functionality "RESOURCE". A remote authenticated attacker can use a specially crafted shader file, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Radeon DirectX 11 Driver atidxx64.dll: 26.20.15019.19000

External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1042


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU30306

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-6101

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the Shader functionality "DCL_OUTPUT". A remote authenticated attacker can use a specially crafted shader file, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Radeon DirectX 11 Driver atidxx64.dll: 26.20.15019.19000

External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1041


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###