CVE-2020-12138
First published: Mon Apr 27 2020(Updated: )
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AMD Athlon 64 | =5.11.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-12138?
CVE-2020-12138 has a high severity rating due to its potential to allow low-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.
How do I fix CVE-2020-12138?
To fix CVE-2020-12138, update the AMD ATI atillk64.sys driver to the latest version provided by AMD.
Who is affected by CVE-2020-12138?
Users of AMD's ATI atillk64.sys version 5.11.9.0 are affected by CVE-2020-12138.
What exploitation methods are possible with CVE-2020-12138?
CVE-2020-12138 can be exploited to allow unauthorized access to physical memory, potentially enabling privilege escalation.
Is CVE-2020-12138 currently being exploited in the wild?
As of the latest reports, there have been no confirmed cases of active exploitation of CVE-2020-12138.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/amd
- canonical/amd athlon 64
- version/amd athlon 64/5.11.9.0