How severe is CVE-2020-6100?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2020-6100?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2020-6100

CRITICAL Year: 2020

CVSS v3 Score

9.9

Critical

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-787

View all →

Vulnerability Description

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability potentially could be triggered from guest machines running virtualization environments (ie. VMware, qemu, VirtualBox etc.) in order to perform guest-to-host escape - as it was demonstrated before (TALOS-2018-0533, TALOS-2018-0568, etc.). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). This vulnerability was triggered from HYPER-V guest using RemoteFX feature leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process).

CVE-2017-2620

CRITICAL

CVSS:9.9(Critical)

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cput...

CWE-7872017

CVE-2018-3863

CRITICAL

CVSS:9.9(Critical)

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on th...

CWE-7872018

CVE-2018-3866

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process...

CWE-7872018

CVE-2018-3867

CRITICAL

CVSS:9.9(Critical)

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware ve...

CWE-7872018

CVE-2018-3893

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core pro...

CWE-7872018

CVE-2018-3902

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-...

CWE-7872018

CVE-2020-6100

Vulnerability Description

Related Vulnerabilities

CVE-2017-2620

CVE-2018-3863

CVE-2018-3866

CVE-2018-3867

CVE-2018-3893

CVE-2018-3902