AMD ATI Radeon Graphics Cards Found Multiple Bugs


Researchers at Cisco Talos have advertised that security vulnerabilities in some AMD ATI Radeon graphics cards may enable attackers to execute code from remotely or trigger a denial of service situation.

There have been a total of four security flaws, all of which affect the AMD ATIDXX64.DLL driver: three out – of-bound and one form of uncertainty issue. All four problems were patched by AMD.

Each of the first three CVE-2019-5124, CVE-2019-5147 and CVE-2019-5146 vulnerabilities has an 8.6 CVSS ranking.

To bring such security flaws out of bounds, an attacker needs to provide a specially crafted, malformed pixel shader.

Cisco Talos explains in a vulnerability report that this kind of attack can “trigger user mode” within the VMware guest to cause the out – of-bounds read in the vmware-vmx.exe process on a host or theoretically via WEBGL(remote website). “Cisco researchers tested and confirmed these vulnerabilities in the Radeon RX 550/550 series graphics version of AMD ATIDx64.DLL version26.20.13025.10004

The fourth prone concerns the AMD ATIDXX64.DLL module, versions 26.20.13031.10003, 26.20.13031.15006, and 26.20.13031.18002.

The confusion problem can be caused by a specially crafted pixel shader and could lead to the possible execution of code. An intruder will cause the VMware guest bug by supplying a shader file that is particularly designed.

“The vulnerability will be triggered in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website), leading to potential code execution (through a vtable type-confusion),” Cisco Talos explains.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.