CVE-2020-12933

{"id": "CVE-2020-12933", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-10-13T22:15:14.027", "references": [{"url": "https://www.amd.com/en/corporate/product-security", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@amd.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad del manejador D3DKMTEscape de AMD ATIKMDAG.SYS (por ejemplo, versi\u00f3n 26.20.15029.27017). Una petici\u00f3n de la API de D3DKMTEscape especialmente dise\u00f1ada puede causar una lectura fuera de l\u00edmites en el \u00e1rea de memoria del kernel del Sistema Operativo Windows. Esta vulnerabilidad puede ser activada desde una cuenta no privilegiada"}], "lastModified": "2020-10-21T19:12:21.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:atikmdag.sys:26.20.15029.27017:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEB81E1E-49EC-47A8-A56F-30E9EC717E69"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@amd.com"}