CVE-2020-12891

moderate-risk
Published 2022-02-04

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.

Do I need to act?

-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (2)

Radeon Pro Software

Affected Vendors

Amd

References (2)

Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000
32
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 7/34 · Low