CVE-2019-5049
moderate-risk
Published 2019-10-31
An exploitable memory corruption vulnerability exists in AMD ATIDXX64.DLL driver, versions 25.20.15031.5004 and 25.20.15031.9002. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.
Do I need to act?
-
0.42% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10
Critical
NETWORK
/ LOW complexity
Affected Products (6)
Radeon Rx 550 Firmware
Radeon Rx 550 Firmware
Radeon 550 Firmware
Radeon 550 Firmware
Radeon Rx 550X Firmware
Radeon Rx 550X Firmware
Affected Vendors
References (2)
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0818
48
/ 100
moderate-risk
Severity
33/34 · Critical
Exploitability
2/34 · Minimal
Exposure
13/34 · Low