| Vulnerability Name: | CVE-2020-12138 (CCN-180872) | ||||||||||||
| Assigned: | 2019-11-12 | ||||||||||||
| Published: | 2019-11-12 | ||||||||||||
| Updated: | 2021-07-21 | ||||||||||||
| Summary: | AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages. | ||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
| ||||||||||||
| CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-269 | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-12138 Source: CCN Type: Eclypsium Web site Mother of All Drivers New Vulnerabilities Found in Windows Drivers Source: MISC Type: Third Party Advisory https://eclypsium.com/2019/11/12/mother-of-all-drivers/ Source: XF Type: UNKNOWN amd-cve202012138-priv-esc(180872) Source: MISC Type: Exploit, Third Party Advisory https://h0mbre.github.io/atillk64_exploit/ Source: CCN Type: AMD Web Welcome to AMD ? High-Performance Processors and Graphics | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||