AMD® Graphics Driver November 2021 Security Updates

2021-11-09T00:00:00

Description

AMD has informed HP of potential security vulnerabilities identified in the AMD® Graphics Driver for Windows 10 which may allow escalation of privilege, denial of service, or information disclosure. AMD has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. See the affected platforms listed below.

{"id": "HPSBHF03753", "vendorId": null, "type": "hp", "bulletinFamily": "software", "title": "AMD\u00ae Graphics Driver November 2021 Security Updates", "description": "AMD has informed HP of potential security vulnerabilities identified in the AMD\u00ae Graphics Driver for Windows 10 which may allow escalation of privilege, denial of service, or information disclosure. \n\nAMD has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. See the affected platforms listed below. \n", "published": "2021-11-09T00:00:00", "modified": "2022-03-07T00:00:00", "epss": [{"cve": "CVE-2020-12902", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12893", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12894", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12895", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12898", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12900", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12901", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12903", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12980", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-12981", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-12982", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-12983", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-12985", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-12986", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-12960", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12929", "epss": 0.00042, "percentile": 0.05671, "modified": "2023-06-06"}, {"cve": "CVE-2020-12891", "epss": 0.00054, "percentile": 0.20564, "modified": "2023-06-06"}, {"cve": "CVE-2020-12892", "epss": 0.00062, "percentile": 0.2447, "modified": "2023-06-06"}, {"cve": "CVE-2020-12962", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12904", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12905", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12964", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12987", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-12899", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12920", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12897", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}, {"cve": "CVE-2020-12963", "epss": 0.00043, "percentile": 0.0701, "modified": "2023-06-06"}], "cvss": {"score": "8.8", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/"}, "cvss2": {}, "cvss3": {}, "href": "https://support.hp.com/us-en/document/ish_5024486-5024510-16/HPSBHF03753", "reporter": "HP Product Security Response Team", "references": [], "cvelist": ["CVE-2020-12891", "CVE-2020-12892", "CVE-2020-12893", "CVE-2020-12894", "CVE-2020-12895", "CVE-2020-12897", "CVE-2020-12898", "CVE-2020-12899", "CVE-2020-12900", "CVE-2020-12901", "CVE-2020-12902", "CVE-2020-12903", "CVE-2020-12904", "CVE-2020-12905", "CVE-2020-12920", "CVE-2020-12929", "CVE-2020-12960", "CVE-2020-12962", "CVE-2020-12963", "CVE-2020-12964", "CVE-2020-12980", "CVE-2020-12981", "CVE-2020-12982", "CVE-2020-12983", "CVE-2020-12985", "CVE-2020-12986", "CVE-2020-12987"], "immutableFields": [], "lastseen": "2023-06-06T15:38:09", "viewCount": 68, "enchantments": {"dependencies": {"references": [{"type": "amd", "idList": ["AMD-SB-1000"]}, {"type": "cnvd", "idList": ["CNVD-2021-100381", "CNVD-2021-100384", "CNVD-2021-100385", "CNVD-2021-95630"]}, {"type": "cve", "idList": ["CVE-2020-12891", "CVE-2020-12892", "CVE-2020-12893", "CVE-2020-12894", "CVE-2020-12895", "CVE-2020-12897", "CVE-2020-12898", "CVE-2020-12899", "CVE-2020-12900", "CVE-2020-12901", "CVE-2020-12902", "CVE-2020-12903", "CVE-2020-12904", "CVE-2020-12905", "CVE-2020-12920", "CVE-2020-12929", "CVE-2020-12960", "CVE-2020-12962", "CVE-2020-12963", "CVE-2020-12964", "CVE-2020-12980", "CVE-2020-12981", "CVE-2020-12982", "CVE-2020-12983", "CVE-2020-12985", "CVE-2020-12986", "CVE-2020-12987"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00481"]}]}, "score": {"value": 2.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-12980", "CVE-2020-12981", "CVE-2020-12982", "CVE-2020-12983", "CVE-2020-12985", "CVE-2020-12986", "CVE-2020-12987"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-12891", "epss": 0.00054, "percentile": 0.20545, "modified": "2023-05-02"}, {"cve": "CVE-2020-12892", "epss": 0.00062, "percentile": 0.24389, "modified": "2023-05-02"}, {"cve": "CVE-2020-12893", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12894", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12895", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12897", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12898", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12899", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12900", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12901", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12902", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12903", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12904", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12905", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12920", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12929", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2020-12960", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12962", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12963", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12964", "epss": 0.00043, "percentile": 0.07019, "modified": "2023-05-02"}, {"cve": "CVE-2020-12980", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2020-12981", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2020-12982", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2020-12983", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2020-12985", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2020-12986", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2020-12987", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}], "vulnersScore": 2.4}, "_state": {"dependencies": 1686087756, "score": 1686065901, "epss": 0}, "_internal": {"score_hash": "79fa1ccdc42db55b3ba363123b8b0d45"}, "affectedPackage": []}

{"amd": [{"lastseen": "2023-06-06T16:30:44", "description": "**Bulletin ID:** AMD-SB-1000 \n**Potential Impact:** Varies by CVE, see descriptions below \n**Severity:**Varies by CVE, see descriptions below\n\n## Summary\n\nIn a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege, denial of service, information disclosure, KASLR bypass, or arbitrary write to kernel memory.\n\n## Affected Products\n\nAMD Graphics Driver for Windows 10\n\n## CVE Details\n\n**CVE**| **Severity**| **Description** \n---|---|--- \nCVE-2020-12902| High| Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \nCVE-2020-12891| High| AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. \nCVE-2020-12892| High| An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. \nCVE-2020-12893| High| Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. \nCVE-2020-12894| High| Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. \nCVE-2020-12895| High| Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. \nCVE-2020-12898| High| Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \nCVE-2020-12901| High| Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure. \nCVE-2020-12903| High| Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. \nCVE-2020-12900| High| An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. \nCVE-2020-12929| High| Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution. \nCVE-2020-12960| High| AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS). \nCVE-2020-12980| High| An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \nCVE-2020-12981| High| An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service. \nCVE-2020-12982| High| An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \nCVE-2020-12983| High| An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service. \nCVE-2020-12985| High| An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. \nCVE-2020-12986| High| An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service. \nCVE-2020-12962| Medium| Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation. \nCVE-2020-12904| Medium| Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. \nCVE-2020-12905| Medium| Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure. \nCVE-2020-12964| Medium| A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information. \nCVE-2020-12987| Medium| A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass. \nCVE-2020-12920| Medium| A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck. \nCVE-2020-12899| Medium| Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. \nCVE-2020-12897| Medium| Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass. \nCVE-2020-12963| Medium| An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. \n \n## Mitigation\n\n**CVE**| **AMD Radeon Software****Mitigated Version**| **AMD Radeon Pro Software for Enterprise****First Mitigated Version** \n---|---|--- \nCVE-2020-12894CVE-2020-12900CVE-2020-12964CVE-2020-12980CVE-2020-12981CVE-2020-12982CVE-2020-12983CVE-2020-12985CVE-2020-12986CVE-2020-12987| 20.7.1 and higher| 21.Q1 Enterprise Driver \nCVE-2020-12893CVE-2020-12899CVE-2020-12901CVE-2020-12902CVE-2020-12903CVE-2020-12904CVE-2020-12905CVE-2020-12920CVE-2020-12929CVE-2020-12962CVE-2020-12963CVE-2020-12895CVE-2020-12898| 20.11.2 and higher| 21.Q1 Enterprise Driver \nCVE-2020-12897CVE-2020-12892| 21.3.1 and higher| 21.Q2 Enterprise Driver \nCVE-2020-12891CVE-2020-12960| 21.4.1 and higher| 21.Q2 Enterprise Driver\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-09T00:00:00", "type": "amd", "title": "AMD Graphics Driver for Windows 10", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12891", "CVE-2020-12892", "CVE-2020-12893", "CVE-2020-12894", "CVE-2020-12895", "CVE-2020-12897", "CVE-2020-12898", "CVE-2020-12899", "CVE-2020-12900", "CVE-2020-12901", "CVE-2020-12902", "CVE-2020-12903", "CVE-2020-12904", "CVE-2020-12905", "CVE-2020-12920", "CVE-2020-12929", "CVE-2020-12960", "CVE-2020-12962", "CVE-2020-12963", "CVE-2020-12964", "CVE-2020-12980", "CVE-2020-12981", "CVE-2020-12982", "CVE-2020-12983", "CVE-2020-12985", "CVE-2020-12986", "CVE-2020-12987"], "modified": "2021-11-09T00:00:00", "id": "AMD-SB-1000", "href": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1000.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "intel": [{"lastseen": "2023-02-08T18:04:09", "description": "### Summary: \n\nPotential security vulnerabilities in some Intel\u00ae Core\u2122 processors with Radeon\u2122 RX Vega M GL integrated graphics may allow escalation of privilege, denial of service or information disclosure. Intel and AMD are releasing driver updates to mitigate these potential vulnerabilities.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2020-12902](<https://vulners.com/cve/CVE-2020-12902>) (Non-Intel issued)\n\nDescription: Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.\n\nSeverity: High****\n\nCVEID: [CVE-2020-12980](<https://vulners.com/cve/CVE-2020-12980>) (Non-Intel issued)\n\nDescription: An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12981](<https://vulners.com/cve/CVE-2020-12981>) (Non-Intel issued)\n\nDescription: An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12982](<https://vulners.com/cve/CVE-2020-12982>) (Non-Intel issued)\n\nDescription: An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12983](<https://vulners.com/cve/CVE-2020-12983>) (Non-Intel issued)\n\nDescription: An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12985](<https://vulners.com/cve/CVE-2020-12985>) (Non-Intel issued)\n\nDescription: An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12986](<https://vulners.com/cve/CVE-2020-12986>) (Non-Intel issued)\n\nDescription: An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12893](<https://vulners.com/cve/CVE-2020-12893>) (Non-Intel issued)\n\nDescription: Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12894](<https://vulners.com/cve/CVE-2020-12894>) (Non-Intel issued)\n\nDescription: Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12895](<https://vulners.com/cve/CVE-2020-12895>) (Non-Intel issued)\n\nDescription: Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12898](<https://vulners.com/cve/CVE-2020-12898>) (Non-Intel issued)\n\nDescription: Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12900](<https://vulners.com/cve/CVE-2020-12900>) (Non-Intel issued)\n\nDescription: An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12901](<https://vulners.com/cve/CVE-2020-12901>) (Non-Intel issued)\n\nDescription: Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.\n\nSeverity: High\n\nCVEID: [CVE-2020-12903](<https://vulners.com/cve/CVE-2020-12903>) (Non-Intel issued)\n\nDescription: Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.\n\nSeverity: High\n\nCVEID: [CVE-2020-12892](<https://vulners.com/cve/CVE-2020-12892>) (Non-Intel issued)\n\nDescription: An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.\n\nSeverity: Medium\n\nCVEID: [CVE-2020-12987](<https://vulners.com/cve/CVE-2020-12987>) (Non-Intel issued)\n\nDescription: A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass.\n\nSeverity: Medium\n\nCVEID: [CVE-2020-12904](<https://vulners.com/cve/CVE-2020-12904>) (Non-Intel issued)\n\nDescription: Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.\n\nSeverity: Medium\n\nCVEID: [CVE-2020-12905](<https://vulners.com/cve/CVE-2020-12905>) (Non-Intel issued)\n\nDescription: Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.\n\nSeverity: Medium\n\n** **\n\nCVEID: [CVE-2020-12964](<https://vulners.com/cve/CVE-2020-12964>) (Non-Intel issued)\n\nDescription: A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.\n\nSeverity: Medium\n\nCVEID: [CVE-2020-12899](<https://vulners.com/cve/CVE-2020-12899>) (Non-Intel issued)\n\nDescription: Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.\n\nSeverity: Medium\n\nCVEID: [CVE-2020-12897](<https://vulners.com/cve/CVE-2020-12897>) (Non-Intel issued)\n\nDescription: Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.\n\nSeverity: Medium\n\nCVEID: [CVE-2020-12963](<https://vulners.com/cve/CVE-2020-12963>) (Non-Intel issued)\n\nDescription: An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.\n\nSeverity: Medium\n\nCVEID: [CVE-2021-33105](<https://vulners.com/cve/CVE-2021-33105>)\n\nDescription: Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM) RX Vega M GL integrated graphics before version 21.10 may allow an authenticated user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 4.7 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N>)****\n\n### Affected Products:\n\nIntel\u00ae Core\u2122 i5-8305G Processor with Radeon\u2122 RX Vega M GL graphics before version 21.10.\n\nIntel\u00ae Core\u2122 i7-8706G Processor with Radeon\u2122 RX Vega M GL graphics before version 21.10.\n\nIntel\u00ae Graphics Driver for Windows\u00ae 10 64-bit for NUC8i7HNK, NUC8i7HVK before version 21.10.\n\n### Recommendations:\n\nIntel recommends updating graphics driver software for Intel\u00ae Core\u2122 processors with Radeon\u2122 RX Vega M GL integrated graphics to version 21.10 or later.\n\nUpdates are available for download at this location:\n\nFor Intel\u00ae NUCs NUC8i7HNK and NUC8i7HVK, with Radeon\u2122 RX Vega M Graphics Driver for Windows\u00ae 10 64-bit:\n\n<https://www.intel.com/content/www/us/en/download/19269/648069/radeon-rx-vega-m-graphics-driver-for-windows-10-64-bit-for-nuc8i7hnk-nuc8i7hvk.html>\n\nFor all other Intel\u00ae Core\u2122 processors with Radeon\u2122 RX Vega M Graphics:\n\n<https://www.intel.com/content/www/us/en/download/19282/30534/radeon-rx-vega-m-graphics.html>\n\n### Acknowledgements:\n\nIntel would like to thank Ori Nimron (@orinimron123) for reporting these issues as well Eran Shimony of CyberArk Labs for reporting CVE-2020-12892.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2021-11-09T00:00:00", "type": "intel", "title": "Intel\u00ae Core\u2122 Processors with Radeon\u2122 RX Vega M GL Graphics\u00a0Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-12892", "CVE-2020-12893", "CVE-2020-12894", "CVE-2020-12895", "CVE-2020-12897", "CVE-2020-12898", "CVE-2020-12899", "CVE-2020-12900", "CVE-2020-12901", "CVE-2020-12902", "CVE-2020-12903", "CVE-2020-12904", "CVE-2020-12905", "CVE-2020-12963", "CVE-2020-12964", "CVE-2020-12980", "CVE-2020-12981", "CVE-2020-12982", "CVE-2020-12983", "CVE-2020-12985", "CVE-2020-12986", "CVE-2020-12987", "CVE-2021-33105"], "modified": "2021-11-09T00:00:00", "id": "INTEL:INTEL-SA-00481", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00481.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-06-06T14:20:20", "description": "Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T20:15:00", "type": "cve", "title": "CVE-2020-12903", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12903"], "modified": "2021-11-18T03:23:00", "cpe": [], "id": "CVE-2020-12903", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12903", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:23", "description": "A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2020-12920", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12920"], "modified": "2021-11-18T03:24:00", "cpe": [], "id": "CVE-2020-12920", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12920", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:33", "description": "A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T15:15:00", "type": "cve", "title": "CVE-2020-12964", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12964"], "modified": "2022-07-12T17:42:00", "cpe": [], "id": "CVE-2020-12964", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12964", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:37", "description": "An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2020-12963", "cwe": ["CWE-763"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12963"], "modified": "2021-11-18T14:01:00", "cpe": [], "id": "CVE-2020-12963", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12963", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:32", "description": "Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T20:15:00", "type": "cve", "title": "CVE-2020-12962", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12962"], "modified": "2022-07-12T17:42:00", "cpe": [], "id": "CVE-2020-12962", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12962", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:34", "description": "AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-15T20:15:00", "type": "cve", "title": "CVE-2020-12960", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12960"], "modified": "2021-11-17T19:39:00", "cpe": [], "id": "CVE-2020-12960", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12960", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:37", "description": "An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-11T22:15:00", "type": "cve", "title": "CVE-2020-12981", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12981"], "modified": "2022-07-12T17:42:00", "cpe": [], "id": "CVE-2020-12981", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12981", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:20", "description": "Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-15T20:15:00", "type": "cve", "title": "CVE-2020-12905", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12905"], "modified": "2021-11-18T03:22:00", "cpe": [], "id": "CVE-2020-12905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12905", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:38", "description": "An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-11T22:15:00", "type": "cve", "title": "CVE-2020-12980", "cwe": ["CWE-125", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12980"], "modified": "2022-07-12T17:42:00", "cpe": [], "id": "CVE-2020-12980", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12980", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:25", "description": "Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution .", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2020-12929", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12929"], "modified": "2021-11-18T13:37:00", "cpe": [], "id": "CVE-2020-12929", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12929", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:19", "description": "An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-15T19:15:00", "type": "cve", "title": "CVE-2020-12892", "cwe": ["CWE-426"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12892"], "modified": "2021-11-18T16:06:00", "cpe": [], "id": "CVE-2020-12892", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12892", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:17", "description": "AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-04T23:15:00", "type": "cve", "title": "CVE-2020-12891", "cwe": ["CWE-427"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12891"], "modified": "2022-02-09T14:11:00", "cpe": [], "id": "CVE-2020-12891", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12891", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:38", "description": "An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-11T22:15:00", "type": "cve", "title": "CVE-2020-12982", "cwe": ["CWE-763"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12982"], "modified": "2021-12-30T19:09:00", "cpe": [], "id": "CVE-2020-12982", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12982", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:20", "description": "Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T19:15:00", "type": "cve", "title": "CVE-2020-12898", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12898"], "modified": "2021-11-17T21:25:00", "cpe": [], "id": "CVE-2020-12898", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12898", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:19", "description": "Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2020-12899", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12899"], "modified": "2022-06-28T14:11:00", "cpe": [], "id": "CVE-2020-12899", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12899", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:37", "description": "An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-11T22:15:00", "type": "cve", "title": "CVE-2020-12983", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12983"], "modified": "2021-12-30T20:55:00", "cpe": [], "id": "CVE-2020-12983", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12983", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:38", "description": "A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-11T22:15:00", "type": "cve", "title": "CVE-2020-12987", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12987"], "modified": "2021-12-30T20:38:00", "cpe": [], "id": "CVE-2020-12987", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12987", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:19", "description": "Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-11-15T20:15:00", "type": "cve", "title": "CVE-2020-12894", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12894"], "modified": "2021-11-17T22:15:00", "cpe": [], "id": "CVE-2020-12894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12894", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:19", "description": "Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-15T20:15:00", "type": "cve", "title": "CVE-2020-12901", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12901"], "modified": "2021-11-17T21:44:00", "cpe": [], "id": "CVE-2020-12901", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12901", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:19", "description": "Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2020-12902", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12902"], "modified": "2022-07-12T17:42:00", "cpe": [], "id": "CVE-2020-12902", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12902", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:38", "description": "An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-11T22:15:00", "type": "cve", "title": "CVE-2020-12986", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12986"], "modified": "2021-12-30T20:39:00", "cpe": [], "id": "CVE-2020-12986", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12986", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:38", "description": "An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-11T22:15:00", "type": "cve", "title": "CVE-2020-12985", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12985"], "modified": "2022-07-12T17:42:00", "cpe": [], "id": "CVE-2020-12985", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12985", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:20", "description": "Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2020-12897", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12897"], "modified": "2022-06-28T14:11:00", "cpe": [], "id": "CVE-2020-12897", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12897", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:19", "description": "Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2020-12895", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12895"], "modified": "2021-11-17T17:27:00", "cpe": [], "id": "CVE-2020-12895", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12895", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:20", "description": "Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2020-12904", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12904"], "modified": "2021-11-18T03:29:00", "cpe": [], "id": "CVE-2020-12904", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12904", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:19", "description": "Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T20:15:00", "type": "cve", "title": "CVE-2020-12893", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12893"], "modified": "2021-11-17T21:23:00", "cpe": [], "id": "CVE-2020-12893", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12893", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-06-06T14:20:20", "description": "An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T16:15:00", "type": "cve", "title": "CVE-2020-12900", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12900"], "modified": "2022-07-12T17:42:00", "cpe": [], "id": "CVE-2020-12900", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12900", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "cnvd": [{"lastseen": "2022-11-05T07:43:47", "description": "AMD Graphics Driver, an integrated graphics driver from AMD, is a security vulnerability that can be exploited by attackers to cause a Windows BugCheck or to write leaked information.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-10T00:00:00", "type": "cnvd", "title": "AMD Graphics Driver has an unspecified vulnerability (CNVD-2021-100385)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12964"], "modified": "2021-12-16T00:00:00", "id": "CNVD-2021-100385", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-100385", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-05T08:00:29", "description": "AMD Graphics Driver is an integrated graphics driver from AMD. AMD Graphics Driver for Windows 10 is vulnerable to an input validation error that stems from the product's amdfender.sys failing to properly process input data, which could be exploited by an attacker to cause a denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-18T00:00:00", "type": "cnvd", "title": "AMD Graphics Driver for Windows 10 Input Validation Error Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12960"], "modified": "2021-12-09T00:00:00", "id": "CNVD-2021-95630", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-95630", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T07:41:50", "description": "AMD Graphics Driver is an integrated graphics driver from AMD, Inc. AMD Graphics Driver is vulnerable to a resource management error that could be exploited by attackers to cause a KASLR bypass or information disclosure.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-10T00:00:00", "type": "cnvd", "title": "AMD Graphics Driver Resource Management Error Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12901"], "modified": "2021-12-16T00:00:00", "id": "CNVD-2021-100381", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-100381", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-05T07:46:31", "description": "AMD Graphics Driver is an integrated graphics driver from AMD, a U.S. company. AMD Graphics Driver contains a security vulnerability that can be exploited by attackers to cause an elevation of privilege or denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-10T00:00:00", "type": "cnvd", "title": "AMD Graphics Driver has an unspecified vulnerability (CNVD-2021-100384)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12902"], "modified": "2021-12-16T00:00:00", "id": "CNVD-2021-100384", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-100384", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}

AMD® Graphics Driver November 2021 Security Updates

Description

Related