CVE-2020-12891

CWE-4273 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 65.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
AMD Radeon PRO Software FOR EnterpriseAMD Radeon SoftwareAMD Radeon PRO Software
Timeline
PublishedFeb 4
Latest updateFeb 10

Description

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5amd/radeon_softwareRadeon Driver21.4.1
NVDamd/radeon_software< 21.4.1
CVEListV5amd/radeon_pro_software_for_enterpriseEnterprise Driver21.Q2

🔴Vulnerability Details

2
GHSA
GHSA-49c8-cmr9-7c94: AMD Radeon Software may be vulnerable to DLL Hijacking through path variable2022-02-10
CVEList
CVE-2020-12891: AMD Radeon Software may be vulnerable to DLL Hijacking through path variable2022-02-04
CVE-2020-12891 (HIGH CVSS 7.8) | AMD Radeon Software may be vulnerab | cvebase.io