AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.
{"amd": [{"lastseen": "2023-03-17T18:25:42", "description": "### Summary\n\nIn a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege, denial of service, information disclosure, KASLR bypass, or arbitrary write to kernel memory. \n\n### Affected Products \n\nAMD Graphics Driver for Windows 10\n\n### CVE Details\n\n**CVE**\n\n| \n\n**Severity**\n\n| \n\n**Description** \n \n---|---|--- \nCVE-2020-12902 | \n\nHigh\n\n| \n\nArbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \n \nCVE-2020-12891\n\n| \n\nHigh\n\n| \n\nAMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. \n \nCVE-2020-12892\n\n| \n\nHigh\n\n| \n\nAn untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. \n \nCVE-2020-12893\n\n| \n\nHigh\n\n| \n\nStack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. \n \nCVE-2020-12894\n\n| \n\nHigh\n\n| \n\nArbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. \n \nCVE-2020-12895\n\n| \n\nHigh\n\n| \n\nPool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. \n \nCVE-2020-12898\n\n| \n\nHigh\n\n| \n\nStack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \n \nCVE-2020-12901\n\n| \n\nHigh\n\n| \n\nArbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure. \n \nCVE-2020-12903\n\n| \n\nHigh\n\n| \n\nOut of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. \n \nCVE-2020-12900\n\n| \n\nHigh\n\n| \n\nAn arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. \n \nCVE-2020-12929\n\n| \n\nHigh\n\n| \n\nImproper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution. \n \nCVE-2020-12960\n\n| \n\nHigh\n\n| \n\nAMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS). \n \nCVE-2020-12980\n\n| \n\nHigh\n\n| \n\nAn out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \n \nCVE-2020-12981\n\n| \n\nHigh\n\n| \n\nAn insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service. \n \nCVE-2020-12982\n\n| \n\nHigh\n\n| \n\nAn invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \n \nCVE-2020-12983\n\n| \n\nHigh\n\n| \n\nAn out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service. \n \nCVE-2020-12985\n\n| \n\nHigh\n\n| \n\nAn insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \n \nCVE-2020-12986\n\n| \n\nHigh\n\n| \n\nAn insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service. \n \nCVE-2020-12962\n\n| \n\nMedium\n\n| \n\nEscape call interface in the AMD Graphics Driver for Windows may cause privilege escalation. \n \nCVE-2020-12904\n\n| \n\nMedium\n\n| \n\nOut of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. \n \nCVE-2020-12905\n\n| \n\nMedium\n\n| \n\nOut of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure. \n \nCVE-2020-12964\n\n| \n\nMedium\n\n| \n\nA potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information. \n \nCVE-2020-12987\n\n| \n\nMedium\n\n| \n\nA heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass. \n \nCVE-2020-12920\n\n| \n\nMedium\n\n| \n\nA potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck \n \nCVE-2020-12899\n\n| \n\nMedium\n\n| \n\nArbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. \n \nCVE-2020-12897\n\n| \n\nMedium\n\n| \n\nKernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass. \n \nCVE-2020-12963\n\n| \n\nMedium\n\n| \n\nAn insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. \n \n### Mitigation\n\n**CVE**\n\n| \n\n**AMD Radeon Software**\n\n**Mitigated Version**\n\n| \n\n**AMD Radeon Pro Software for Enterprise**\n\n**First Mitigated Version** \n \n---|---|--- \n \nCVE-2020-12894\n\nCVE-2020-12900\n\nCVE-2020-12964\n\nCVE-2020-12980\n\nCVE-2020-12981\n\nCVE-2020-12982\n\nCVE-2020-12983\n\nCVE-2020-12985\n\nCVE-2020-12986\n\nCVE-2020-12987\n\n| \n\n20.7.1 and higher\n\n| \n\n21.Q1 Enterprise Driver \n \nCVE-2020-12893\n\nCVE-2020-12899\n\nCVE-2020-12901\n\nCVE-2020-12902\n\nCVE-2020-12903\n\nCVE-2020-12904\n\nCVE-2020-12905\n\nCVE-2020-12920\n\nCVE-2020-12929\n\nCVE-2020-12962\n\nCVE-2020-12963\n\nCVE-2020-12895\n\nCVE-2020-12898\n\n| \n\n20.11.2 and higher\n\n| \n\n21.Q1 Enterprise Driver \n \nCVE-2020-12897\n\nCVE-2020-12892\n\n| \n\n21.3.1 and higher\n\n| \n\n21.Q2 Enterprise Driver \n \nCVE-2020-12891\n\nCVE-2020-12960\n\n| \n\n21.4.1 and higher\n\n| \n\n21.Q2 Enterprise Driver\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-09T00:00:00", "type": "amd", "title": "AMD Graphics Driver for Windows 10", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12891", "CVE-2020-12892", "CVE-2020-12893", "CVE-2020-12894", "CVE-2020-12895", "CVE-2020-12897", "CVE-2020-12898", "CVE-2020-12899", "CVE-2020-12900", "CVE-2020-12901", "CVE-2020-12902", "CVE-2020-12903", "CVE-2020-12904", "CVE-2020-12905", "CVE-2020-12920", "CVE-2020-12929", "CVE-2020-12960", "CVE-2020-12962", "CVE-2020-12963", "CVE-2020-12964", "CVE-2020-12980", "CVE-2020-12981", "CVE-2020-12982", "CVE-2020-12983", "CVE-2020-12985", "CVE-2020-12986", "CVE-2020-12987"], "modified": "2021-11-09T00:00:00", "id": "AMD-SB-1000", "href": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "hp": [{"lastseen": "2022-03-16T03:29:20", "description": "AMD has informed HP of potential security vulnerabilities identified in the AMD\u00ae Graphics Driver for Windows 10 which may allow escalation of privilege, denial of service, or information disclosure. \n\nAMD has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. See the affected platforms listed below. \n", "cvss3": {}, "published": "2021-11-09T00:00:00", "type": "hp", "title": "AMD\u00ae Graphics Driver November 2021 Security Updates", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-12902", "CVE-2020-12893", "CVE-2020-12894", "CVE-2020-12895", "CVE-2020-12898", "CVE-2020-12900", "CVE-2020-12901", "CVE-2020-12903", "CVE-2020-12980", "CVE-2020-12981", "CVE-2020-12982", "CVE-2020-12983", "CVE-2020-12985", "CVE-2020-12986", "CVE-2020-12960", "CVE-2020-12929", "CVE-2020-12891", "CVE-2020-12892", "CVE-2020-12962", "CVE-2020-12904", "CVE-2020-12905", "CVE-2020-12964", "CVE-2020-12987", "CVE-2020-12899", "CVE-2020-12920", "CVE-2020-12897", "CVE-2020-12963"], "modified": "2022-03-07T00:00:00", "id": "HPSBHF03753", "href": "https://support.hp.com/us-en/document/ish_5024486-5024510-16/HPSBHF03753", "cvss": {"score": "8.8", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/"}}]}
CVE-2020-12891
