CVE-2019-5098

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
05/12/2019
Last modified:
17/12/2019

Description

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:vmware:workstation:15.0.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
cpe:2.3:o:amd:radeon_rx_550_firmware:26.20.13001.29010:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_rx_550:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:radeon_550_firmware:26.20.13001.29010:*:*:*:*:*:*:*
cpe:2.3:h:amd:radeon_550:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools