CVE-2020-12891

Published Feb 4, 2022

Last updated 6 months ago

CVSS high 7.8

Overview

Description: AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.
Source: psirt@amd.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-427

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:amd:radeon_pro_software:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5BBBA61-F9B3-41D4-BAD1-8D31C9868F6F",
            "versionEndExcluding": "21.q2"
          },
          {
            "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00350248-7850-480A-BACF-89DC9194F34E",
            "versionEndExcluding": "21.4.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References