Attacker Value
Moderate
(2 users assessed)
Exploitability
High
(2 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2019-5183

Disclosure Date: January 25, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Add Assessment

3
Ratings
  • Attacker Value
    Low
  • Exploitability
    Medium
Technical Analysis

This is one of a set of vulnerabilities discovered in the AMD Radeon graphics drivers for VMWare workstation by Talos including DoS vulnerabilities CVE-2019-5124, CVE-2019-5147, CVE-2019-5146. 2019-5183 is important because it allows overwriting the vtable and causing arbitrary code execution on the host OS, ~likely as a privileged~ user under vmware-vmx.exe. The breakout allows an assailant to leave the Guest OS and enter the host OS.
While it poses a risk, many mitigating factors affect the utility of the vulnerability. This is a local exploit to the guest operating system, and thus requires previous access through another means. Talos performed coordinated disclosure, so this vulnerability is already patched, allowing a fast mitigation strategy. Further, given the limited and local nature of VMWare workstation, as well as the necessity for a specific driver to be in use, the reduced surface area for attackers decreases the return on investment to develop an attack which to my knowledge has not been seen in the wild, yet.
Bottom line is that this poses a risk and should be addressed, but it is not a scary, immediate risk. Continue to patch through patching cycles and add signatures to IDS systems, but unless you have a very aggressive threat model, this is not an immediate threat.

CVSS V3 Severity and Metrics
Base Score:
9.0 Critical
Impact Score:
6
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • amd

Products

  • atidxx64 26.20.13031.10003,
  • atidxx64 26.20.13031.15006,
  • atidxx64 26.20.13031.18002

Additional Info

Technical Analysis