CVE-2019-5049

An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
talosCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
amdradeon_rx_550_firmware
25.20.15031.5004
amdradeon_rx_550_firmware
25.20.15031.9002
amdradeon_550_firmware
25.20.15031.5004
amdradeon_550_firmware
25.20.15031.9002
amdradeon_rx_550x_firmware
25.20.15031.5004
amdradeon_rx_550x_firmware
25.20.15031.9002
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818