CVE-2019-5183 - OpenCVE

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amd	Atidxx64
Vmware	Workstation

Configuration 1 [-]

AND

OR	cpe:2.3:a:amd:atidxx64:26.20.13031.10003:::::::*
	cpe:2.3:a:amd:atidxx64:26.20.13031.15006:::::::*
	cpe:2.3:a:amd:atidxx64:26.20.13031.18002:::::::*

cpe:2.3:a:vmware:workstation:15.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2020-01-25T17:59:18

Updated: 2024-08-04T19:47:56.673Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5183

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-25T18:15:12.490

Modified: 2020-01-30T15:13:23.527

Link: CVE-2019-5183

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "AMD", "vendor": "n/a", "versions": [{"status": "affected", "version": "AMD ATIDXX64.DLL (26.20.13031.10003, 26.20.13031.15006, 26.20.13031.18002) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guestVM"}]}], "descriptions": [{"lang": "en", "value": "An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host."}], "problemTypes": [{"descriptions": [{"description": "type confusion", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-25T17:59:18", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5183", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AMD", "version": {"version_data": [{"version_value": "AMD ATIDXX64.DLL (26.20.13031.10003, 26.20.13031.15006, 26.20.13031.18002) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guestVM"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "type confusion"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:47:56.673Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5183", "datePublished": "2020-01-25T17:59:18", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:47:56.673Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amd:atidxx64:26.20.13031.10003:*:*:*:*:*:*:*", "matchCriteriaId": "EC82656D-2131-4934-9A1D-A51C78120B1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:amd:atidxx64:26.20.13031.15006:*:*:*:*:*:*:*", "matchCriteriaId": "F5723683-8C9E-444E-A657-31BCF5F7E25C", "vulnerable": true}, {"criteria": "cpe:2.3:a:amd:atidxx64:26.20.13031.18002:*:*:*:*:*:*:*", "matchCriteriaId": "1F23D439-AB74-4CCD-BDC3-4980B78193E8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "83DF9A19-ED8A-4914-96FA-D156CA9AFBC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de confusi\u00f3n de tipos explotable en el controlador AMD ATIDXX64.DLL, versiones 26.20.13031.10003, 26.20.13031.15006 y 26.20.13031.18002. Un sombreador de p\u00edxeles especialmente dise\u00f1ado puede causar un problema de confusi\u00f3n de tipos, conllevando a una potencial ejecuci\u00f3n de c\u00f3digo. Un atacante puede proporcionar un archivo de sombreador especialmente dise\u00f1ado para activar esta vulnerabilidad. Esta vulnerabilidad puede ser activada desde el VMware invitado, afectando al host VMware."}], "id": "CVE-2019-5183", "lastModified": "2020-01-30T15:13:23.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-25T18:15:12.490", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}]}