Thursday, December 5, 2019

Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered a denial-of-service vulnerability in a specific dll inside of the AMD ATI Radeon line of video cards. This vulnerability can be triggered by supplying a malformed pixel shader
inside a VMware guest operating system. Such an attack can be triggered from VMware guest usermode to cause an out-of-bounds memory read on vmware-vmx.exe process on host, or theoretically through WEBGL.

In accordance with our coordinated disclosure policy, Cisco Talos worked with AMD to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability (TALOS-2019-0890/CVE-2019-5098)

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, affecting VMware host.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that AMD ATIDXX64.DLL, version 26.20.13001.29010 running on the Radeon RX 550 / 550 Series inside of VMware Workstation 15 (15.1.0 build-13591040) with Windows 10 x64 as the guest VM.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 51461, 51462

No comments:

Post a Comment