CVE-2020-12981

An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:amd:radeon_pro_software:::::enterprise:::*
	cpe:2.3:a:amd:radeon_software::::::::

OR	cpe:2.3:o:microsoft:windows_10:-::::::x64:
	cpe:2.3:o:microsoft:windows_10:-::::::x86:

History

07 Nov 2023, 03:15

Type	Values Removed	Values Added
References	~~(MISC) https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000 - Vendor Advisory~~	() https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000 -

Information

Published : 2021-06-11 22:15

Updated : 2024-02-28 18:28

NVD link : CVE-2020-12981

Mitre link : CVE-2020-12981

CVE.ORG link : CVE-2020-12981

JSON object : View

Products Affected

amd

radeon_pro_software
radeon_software

microsoft

windows_10

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2020-12981", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-06-11T22:15:11.373", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", "source": "psirt@amd.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service."}, {"lang": "es", "value": "Una comprobaci\u00f3n de entrada insuficiente en el controlador de gr\u00e1ficos AMD para Windows 10 puede permitir que los usuarios sin privilegios descarguen el controlador, lo que podr\u00eda causar da\u00f1os en la memoria en los procesos con muchos privilegios, lo que puede conllevar a una escalada de privilegios o la denegaci\u00f3n de servicio"}], "lastModified": "2023-11-07T03:15:59.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CCEDEE9C-091E-4D9B-94D3-2BB3B33B5766", "versionEndExcluding": "21.q1"}, {"criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "528B8908-B68E-40A1-9EB8-8EBD287DC8F2", "versionEndExcluding": "20.7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "vulnerable": false, "matchCriteriaId": "084984D5-D241-497B-B118-50C6C1EAD468"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "vulnerable": false, "matchCriteriaId": "BA592626-F17C-4F46-823B-0947D102BBD2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@amd.com"}