CVE-2019-5183

9.0 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code on affected systems through a type confusion flaw in AMD's ATIDXX64.DLL driver. By providing a specially crafted pixel shader file, an attacker can exploit this vulnerability to potentially gain control of the system. The vulnerability affects VMware environments where the guest VM can compromise the host.

💻 Affected Systems

Products:
  • AMD ATIDXX64.DLL driver
Versions: 26.20.13031.10003, 26.20.13031.15006, 26.20.13031.18002
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affects VMware virtualized environments where guest VMs can exploit the host. Requires AMD graphics hardware with vulnerable driver versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level code execution, allowing attackers to install persistent malware, steal sensitive data, or pivot to other systems.

🟠

Likely Case

Local privilege escalation leading to system control, particularly in virtualized environments where guest-to-host escape is possible.

🟢

If Mitigated

Limited impact with proper isolation and monitoring, potentially only affecting the vulnerable driver process.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or ability to deliver malicious shader files. VMware guest-to-host escape scenario documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 26.20.13031.18002

Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1000.html

Restart Required: Yes

Instructions:

1. Download the latest AMD graphics driver from the official website.
2. Uninstall the current driver.
3. Install the updated driver.
4. Restart the system.

🔧 Temporary Workarounds

Disable vulnerable driver

Platform: Windows

Temporarily disable or remove the ATIDXX64.DLL driver if AMD graphics are not essential. The following commands stop the AMD display driver service and prevent it from starting at boot:

sc stop amdkmdag
sc config amdkmdag start= disabled

VMware isolation controls

Platform: all

Implement strict isolation between VMware guests and hosts.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized users from loading shader files
  • Monitor for suspicious driver activity and shader file execution

🔍 How to Verify

Check if Vulnerable:

Check driver version in Device Manager > Display adapters > Properties > Driver tab

Check Version:

wmic path win32_pnpsigneddriver where "DeviceName like '%AMD%'" get DeviceName, DriverVersion

Verify Fix Applied:

Verify driver version is newer than 26.20.13031.18002

📡 Detection & Monitoring

Log Indicators:

  • Unusual shader file loading
  • ATIDXX64.DLL crash events
  • Suspicious driver activity

Network Indicators:

  • Unusual outbound connections from driver processes

SIEM Query:

(EventID=1000 OR EventID=1001) AND "ATIDXX64.DLL"

Event ID 1000 (Application Error) and 1001 (Windows Error Reporting) are written to the Windows Application log; the DLL name appears in the event's faulting-module field rather than as the event Source, so match it against the event message text.

🔗 References
