CVE-2020-12895

7.8 HIGH

📋 TL;DR

A pool/heap overflow vulnerability in the AMD Graphics Driver for Windows 10 allows a local attacker to execute arbitrary code with kernel privileges. This affects Windows 10 systems with AMD graphics hardware and vulnerable driver versions, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • AMD Graphics Driver for Windows 10
Versions: Specific vulnerable versions listed in AMD advisory AMD-SB-1000
Operating Systems: Windows 10
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD graphics hardware and vulnerable driver version. Systems without AMD graphics or with updated drivers are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with kernel-level code execution, allowing attackers to install persistent malware, steal sensitive data, or disable security controls.

🟠 Likely Case: Local privilege escalation from a lower-privileged user account to SYSTEM/administrator level, enabling further lateral movement or persistence.

🟢 If Mitigated: Limited impact if systems are fully patched, have strict user privilege controls, and employ application allowlisting to prevent unauthorized code execution.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to execute the vulnerable Escape 0x110037 call. No public exploit code was identified at the time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Driver versions specified in AMD advisory AMD-SB-1000

Vendor Advisory: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000

Restart Required: Yes

Instructions:

1. Visit AMD's driver download page.
2. Download the latest graphics driver for your hardware.
3. Run the installer and follow the prompts.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict local user privileges (windows): Limit standard user accounts to prevent execution of privileged operations.

Disable vulnerable Escape calls via registry (windows): Potentially block specific Escape calls through registry modifications (vendor-specific guidance needed).

🧯 If You Can't Patch

  • Implement strict least-privilege access controls to limit local user capabilities
  • Deploy application control/allowlisting solutions to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check AMD graphics driver version in Device Manager > Display adapters > Properties > Driver tab

Check Version:

wmic path win32_VideoController get DriverVersion,Name

Verify Fix Applied:

Verify driver version matches or exceeds the patched version listed in AMD-SB-1000 advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual driver-related events in Windows Event Logs
  • Suspicious process creation with high privileges

Network Indicators:

  • Not network exploitable - local vulnerability only

SIEM Query:

EventID=4688 AND (NewProcessName contains 'cmd.exe' OR NewProcessName contains 'powershell.exe') AND SubjectUserName NOT IN (admin_users) AND TokenElevationType=%%1937

In event 4688, TokenElevationType %%1937 is TokenElevationTypeFull (an elevated token); %%1938 is TokenElevationTypeLimited and would match unprivileged processes instead.
