Published: 31/10/2019 Updated: 07/11/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Vulnerable Product	Search on Vulmon	Subscribe to Product
amd radeon_rx_550_firmware 25.20.15031.5004
amd radeon_rx_550_firmware 25.20.15031.9002
amd radeon_550_firmware 25.20.15031.9002
amd radeon_550_firmware 25.20.15031.5004
amd radeon_rx_550x_firmware 25.20.15031.5004
amd radeon_rx_550x_firmware 25.20.15031.9002

How to break out of a hypervisor: Abuse Qemu-KVM on-Linux pre-5.3 – or VMware with an AMD driver

The Register • Shaun Nichols in San Francisco • 18 Sep 2019

Pair of bug reports show how VM escapes put servers at risk

A pair of newly disclosed security flaws could allow malicious virtual machine guests to break out of their hypervisor's walled gardens and execute malicious code on the host box. Both CVE-2019-14835 and CVE-2019-5049 are not particularly easy to exploit as they require specific types of hardware or events to occur. However, if successful, either could allow a miscreant to run malware on the host from a VM instance. CVE-2019-14835 was discovered and reported by Peter Pi, a member of the Tencent ...

CVE-2019-5049

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect