Vulnerability CVE-2020-12933


Published: 2020-10-13   Modified: 2020-10-14

Description:
A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account.

Type:

CWE-125

(Out-of-bounds Read)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
AMD -> Atikmdag.sys 

 References:
https://www.amd.com/en/corporate/product-security

Copyright 2024, cxsecurity.com

 

Back to Top