CVE-2020-12982 - OpenCVE

An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amd	Radeon Pro Software Radeon Software
Microsoft	Windows 10

Configuration 1 [-]

AND

OR	cpe:2.3:a:amd:radeon_pro_software:::::enterprise:::*
	cpe:2.3:a:amd:radeon_software::::::::

OR	cpe:2.3:o:microsoft:windows_10:-::::::x64:
	cpe:2.3:o:microsoft:windows_10:-::::::x86:

No data.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000

History

No history.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2021-06-11T21:49:49.547155Z

Updated: 2024-09-17T00:16:16.729Z

Reserved: 2020-05-15T00:00:00

Link: CVE-2020-12982

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-11T22:15:11.410

Modified: 2023-11-07T03:15:59.350

Link: CVE-2020-12982

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "AMD Radeon Software", "vendor": "AMD", "versions": [{"lessThan": "20.7.1", "status": "affected", "version": "Radeon Software", "versionType": "custom"}, {"lessThan": "21.Q2", "status": "affected", "version": "Radeon Pro Software for Enterprise", "versionType": "custom"}]}], "datePublic": "2021-11-09T00:00:00", "descriptions": [{"lang": "en", "value": "An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service."}], "problemTypes": [{"descriptions": [{"description": "NA", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-27T18:16:44", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"}], "source": {"advisory": "AMD-SB-1000", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12982", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AMD Radeon Software", "version": {"version_data": [{"version_affected": "<", "version_name": "Radeon Software", "version_value": "20.7.1"}, {"version_affected": "<", "version_name": "Radeon Pro Software for Enterprise", "version_value": "21.Q2"}]}}]}, "vendor_name": "AMD"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "NA"}]}]}, "references": {"reference_data": [{"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"}]}, "source": {"advisory": "AMD-SB-1000", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:11:18.962Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"}]}]}, "cveMetadata": {"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12982", "datePublished": "2021-06-11T21:49:49.547155Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-17T00:16:16.729Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "CCEDEE9C-091E-4D9B-94D3-2BB3B33B5766", "versionEndExcluding": "21.q1", "vulnerable": true}, {"criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "528B8908-B68E-40A1-9EB8-8EBD287DC8F2", "versionEndExcluding": "20.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "matchCriteriaId": "084984D5-D241-497B-B118-50C6C1EAD468", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "matchCriteriaId": "BA592626-F17C-4F46-823B-0947D102BBD2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service."}, {"lang": "es", "value": "Una vulnerabilidad sin puntero de objeto no v\u00e1lido en el controlador de gr\u00e1ficos AMD para Windows 10 puede conllevar a una escalada de privilegios o denegaci\u00f3n de servicio"}], "id": "CVE-2020-12982", "lastModified": "2023-11-07T03:15:59.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-11T22:15:11.410", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-763"}], "source": "nvd@nist.gov", "type": "Primary"}]}