First published: Thu Dec 05 2019(Updated: )
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Workstation | =15.0.0 | |
Microsoft Windows 10 | ||
Amd Radeon Rx 550 Firmware | =26.20.13001.29010 | |
Amd Radeon Rx 550 | ||
Amd Radeon 550 Firmware | =26.20.13001.29010 | |
Amd Radeon 550 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-5098 is an exploitable out-of-bounds read vulnerability in the AMD ATIDXX64.DLL driver.
VMware Workstation 15.0.0 is affected by CVE-2019-5098 and can be exploited by a specially crafted shader file.
No, Microsoft Windows 10 is not vulnerable to CVE-2019-5098.
To fix CVE-2019-5098 in the AMD Radeon RX 550 firmware version 26.20.13001.29010, update to the latest firmware version provided by AMD.
CVE-2019-5098 has a severity rating of 8.6 (high).