cve-2020-12981
Vulnerability from cvelistv5
Published
2021-06-11 21:49
Modified
2024-09-16 18:19
Severity ?
EPSS score ?
Summary
An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | AMD | AMD Radeon Software |
Version: Radeon Software < 20.7.1 Version: Radeon Pro Software for Enterprise < 21.Q2 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:11:19.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "AMD Radeon Software", vendor: "AMD", versions: [ { lessThan: "20.7.1", status: "affected", version: "Radeon Software", versionType: "custom", }, { lessThan: "21.Q2", status: "affected", version: "Radeon Pro Software for Enterprise", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T00:00:00", descriptions: [ { lang: "en", value: "An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "NA", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-27T18:16:55", orgId: "b58fc414-a1e4-4f92-9d70-1add41838648", shortName: "AMD", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", }, ], source: { advisory: "AMD-SB-1000", discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@amd.com", DATE_PUBLIC: "2021-11-09T20:00:00.000Z", ID: "CVE-2020-12981", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "AMD Radeon Software", version: { version_data: [ { version_affected: "<", version_name: "Radeon Software", version_value: "20.7.1", }, { version_affected: "<", version_name: "Radeon Pro Software for Enterprise", version_value: "21.Q2", }, ], }, }, ], }, vendor_name: "AMD", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "NA", }, ], }, ], }, references: { reference_data: [ { name: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", refsource: "MISC", url: "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", }, ], }, source: { advisory: "AMD-SB-1000", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "b58fc414-a1e4-4f92-9d70-1add41838648", assignerShortName: "AMD", cveId: "CVE-2020-12981", datePublished: "2021-06-11T21:49:43.864896Z", dateReserved: "2020-05-15T00:00:00", dateUpdated: "2024-09-16T18:19:38.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*\", \"versionEndExcluding\": \"21.q1\", \"matchCriteriaId\": \"CCEDEE9C-091E-4D9B-94D3-2BB3B33B5766\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20.7.1\", \"matchCriteriaId\": \"528B8908-B68E-40A1-9EB8-8EBD287DC8F2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"084984D5-D241-497B-B118-50C6C1EAD468\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"BA592626-F17C-4F46-823B-0947D102BBD2\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.\"}, {\"lang\": \"es\", \"value\": \"Una comprobaci\\u00f3n de entrada insuficiente en el controlador de gr\\u00e1ficos AMD para Windows 10 puede permitir que los usuarios sin privilegios descarguen el controlador, lo que podr\\u00eda causar da\\u00f1os en la memoria en los procesos con muchos privilegios, lo que puede conllevar a una escalada de privilegios o la denegaci\\u00f3n de servicio\"}]", id: "CVE-2020-12981", lastModified: "2024-11-21T05:00:36.650", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2021-06-11T22:15:11.373", references: "[{\"url\": \"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000\", \"source\": \"psirt@amd.com\"}, {\"url\": \"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "psirt@amd.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2020-12981\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2021-06-11T22:15:11.373\",\"lastModified\":\"2024-11-21T05:00:36.650\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.\"},{\"lang\":\"es\",\"value\":\"Una comprobación de entrada insuficiente en el controlador de gráficos AMD para Windows 10 puede permitir que los usuarios sin privilegios descarguen el controlador, lo que podría causar daños en la memoria en los procesos con muchos privilegios, lo que puede conllevar a una escalada de privilegios o la denegación de servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"21.q1\",\"matchCriteriaId\":\"CCEDEE9C-091E-4D9B-94D3-2BB3B33B5766\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.7.1\",\"matchCriteriaId\":\"528B8908-B68E-40A1-9EB8-8EBD287DC8F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"084984D5-D241-497B-B118-50C6C1EAD468\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"BA592626-F17C-4F46-823B-0947D102BBD2\"}]}]}],\"references\":[{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000\",\"source\":\"psirt@amd.com\"},{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.