NVD Vulnerability Detail

CVE-2019-5098

Summary	An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.
Publication Date	Dec. 6, 2019, 3:15 a.m.
Registration Date	Jan. 26, 2021, 11:42 a.m.
Last Update	Nov. 21, 2024, 1:44 p.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource	タグ
1	https://talosintelligence.com/vulnerability_reports/TALOS-2019-0890		Exploit Third Party Advisory
2	https://talosintelligence.com/vulnerability_reports/TALOS-2019-0890		Exploit Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html

JVN Vulnerability Information

AMD ATIDXX64.DLL ドライバにおける境界外読み取りに関する脆弱性

Title	AMD ATIDXX64.DLL ドライバにおける境界外読み取りに関する脆弱性
Summary	AMD ATIDXX64.DLL ドライバには、境界外読み取りに関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 4, 2019, midnight
Registration Date	Dec. 20, 2019, 11:47 a.m.
Last Update	Dec. 20, 2019, 11:47 a.m.

Affected System

VMware

VMware Workstation

Advanced Micro Devices (AMD)

Radeon 550 ファームウェア 26.20.13001.29010

Radeon RX 550 ファームウェア 26.20.13001.29010

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-5098	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5098
National Vulnerability Database (NVD)
2	CVE-2019-5098	https://nvd.nist.gov/vuln/detail/CVE-2019-5098

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html

ベンダー情報

その他

No	Name	URL
関連文書
1	TALOS-2019-0890 (AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability)	https://talosintelligence.com/vulnerability_reports/TALOS-2019-0890

Change Log

No	Changed Details	Date of change
1	[2019年12月20日] 掲載	Dec. 20, 2019, 11:47 a.m.