Wednesday, January 22, 2020

Vulnerability Spotlight: Multiple vulnerabilities in some AMD graphics cards

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Multiple vulnerabilities exist in a driver associated with the AMD Radeon line of graphics cards. An attacker can exploit these bugs by providing a specially crafted shader file to the user while using 
VMware Workstation 15. These attacks can be triggered from VMware guest usermode to cause a variety of errors, potentially allowing an attacker to cause a denial-of-service condition or gain the ability to remotely execute code.

In accordance with our coordinated disclosure policy, Cisco Talos worked with AMD and VMware to ensure that these issues are resolved and that an update is available for affected customers.



Vulnerability details

AMD ATI Radeon ATIDXX64.DLL shader functionality constant buffer denial-of-service vulnerability (TALOS-2019-0913/CVE-2019-5124)


An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Read the complete vulnerability advisory here for additional information.

AMD ATI Radeon ATIDXX64.DLL MOVC shader functionality denial-of-service vulnerability (TALOS-2019-0936/CVE-2019-5147)

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Read the complete vulnerability advisory here for additional information.

AMD ATI Radeon ATIDXX64.DLL MAD shader functionality denial-of-service vulnerability (TALOS-2019-0937/CVE-2019-5146)

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Read the complete vulnerability advisory here for additional information.

AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability (TALOS-2019-0964/CVE-2019-5183)

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that these vulnerabilities affect AMD ATIDXX64.DLL, version 26.20.13025.10004 running on the Radeon RX 550 series of graphics cards, while running on VMware Workstation 15, version 15.5.0, build-14665864 with Windows 10 x64 running as the guestVM.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 52008, 52009, 52050, 52051, 52367, 52368

No comments:

Post a Comment