#VU24484 NULL pointer dereference in ATIDXX64.DLL
Vulnerability identifier: #VU24484
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
ATIDXX64.DLL
Hardware solutions /
Drivers
Vendor: AMD
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in shader functionality constant buffer. A remote attacker can send a specially crafted pixel shader and perform a denial of service (DoS) attack.
This vulnerability affects the following product:
AMD ATIDXX64.DLL (26.20.13001.50005) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.1.0 build-13591040) with Windows 10 x64 as guestVM
Mitigation
Vendor recommends to update on version 15.5.1 with 20.1.1 AMD drivers.
Vulnerable software versions
ATIDXX64.DLL: 26.20.13001.50005
External links
http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0913
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
