CVE-2020-12138
Last modified
CVE-2020-12138 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages.. EPSS estimates a 3.32% chance of exploitation in the next 30 days.
Description
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Amd | Atillk64 | 5.11.9.0 |
References
- https://eclypsium.com/2019/11/12/mother-of-all-drivers/Third Party Advisory
- https://h0mbre.github.io/atillk64_exploit/Exploit, Third Party Advisory
- https://eclypsium.com/2019/11/12/mother-of-all-drivers/Third Party Advisory
- https://h0mbre.github.io/atillk64_exploit/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-12138?
How severe is CVE-2020-12138?
How do I fix CVE-2020-12138?
Are you affected by CVE-2020-12138?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST