CVE-2020-12891

7.8HIGH

Key Information:

Vendor: Amd
Status: Radeon Software; Radeon Pro Software For Enterprise
Vendor: CVE Published:; 4 February 2022

Summary

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.

Affected Version(s)

Radeon Pro Software for Enterprise Enterprise Driver < 21.Q2

Radeon Software Radeon Driver < 21.4.1

References

https://www.amd.com/en/corporate/product-security/bulleti...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
May 15, 2020

Collectors

NVD DatabaseMitre Database