There have been a total of four security flaws, all of which affect the AMD ATIDXX64.DLL driver: three out – of-bound and one form of uncertainty issue. All four problems were patched by AMD. Each of the first three CVE-2019-5124, CVE-2019-5147 and CVE-2019-5146 vulnerabilities has an 8.6 CVSS ranking. To bring such security flaws out of bounds, an attacker needs to provide a specially crafted, malformed pixel shader. Cisco Talos explains in a vulnerability report that this kind of attack can “trigger user mode” within the VMware guest to cause the out – of-bounds read in the vmware-vmx.exe process on a host or theoretically via WEBGL(remote website). “Cisco researchers tested and confirmed these vulnerabilities in the Radeon RX 550/550 series graphics version of AMD ATIDx64.DLL version26.20.13025.10004 The fourth prone concerns the AMD ATIDXX64.DLL module, versions 26.20.13031.10003, 26.20.13031.15006, and 26.20.13031.18002. The confusion problem can be caused by a specially crafted pixel shader and could lead to the possible execution of code. An intruder will cause the VMware guest bug by supplying a shader file that is particularly designed.
