CVE-2019-5049Out-of-bounds Write in AMD Radeon 550 Firmware

CWE-787Out-of-bounds Write3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
0.4%
top 38.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
AMD Radeon 550 FirmwareAMD Radeon RX 550 FirmwareAMD Radeon RX 550x Firmware
Timeline
PublishedOct 31
Latest updateMay 24

Description

An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages3 packages

NVDamd/radeon_550_firmware25.20.15031.5004, 25.20.15031.9002+1
NVDamd/radeon_rx_550_firmware25.20.15031.5004, 25.20.15031.9002+1
NVDamd/radeon_rx_550x_firmware25.20.15031.5004, 25.20.15031.9002+1

🔴Vulnerability Details

2
GHSA
GHSA-7p5r-q7hh-vhjj: An exploitable memory corruption vulnerability exists in AMD ATIDXX642022-05-24
CVEList
CVE-2019-5049: An exploitable memory corruption vulnerability exists in AMD ATIDXX642019-10-31
CVE-2019-5049 — Out-of-bounds Write in AMD | cvebase