CVE-2020-6100

9.9 CRITICAL

📋 TL;DR

This is a critical memory corruption vulnerability in AMD's atidxx64.dll graphics driver that allows attackers to execute arbitrary code through specially crafted pixel shaders. It affects systems using AMD graphics drivers version 26.20.15019.19000, particularly in virtualization environments where it could enable guest-to-host escape. The vulnerability could also potentially be triggered via web browsers using WebGL and WebAssembly.

💻 Affected Systems

Products:
  • AMD Radeon Graphics Drivers
Versions: Version 26.20.15019.19000 specifically
Operating Systems: Windows, Linux (in virtualization contexts)
Default Config Vulnerable: ⚠️ Yes
Notes: Most dangerous in virtualization environments (VMware, qemu, VirtualBox, Hyper-V with RemoteFX). AMD GPUs with this driver version are affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full guest-to-host escape in virtualization environments leading to complete host compromise, or remote code execution via malicious web content.

🟠

Likely Case

Local privilege escalation on affected systems, or guest VM compromise in virtualization setups.

🟢

If Mitigated

Limited to denial of service if proper isolation controls are in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction via malicious web content or file, but WebGL/WebAssembly vectors exist.
🏢 Internal Only: HIGH - Virtualization environments are particularly vulnerable to guest-to-host attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires delivering a specially crafted shader file or WebGL content. Demonstrated in Hyper-V guest-to-host escape scenarios.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AMD driver versions after 26.20.15019.19000

Vendor Advisory: https://www.amd.com/en/resources/product-security.html

Restart Required: Yes

Instructions:

1. Visit AMD's driver download page.
2. Download the latest graphics driver for your GPU.
3. Run the installer.
4. Restart the system.

🔧 Temporary Workarounds

Disable RemoteFX in Hyper-V (Windows)

Prevents exploitation through the Hyper-V virtualization vector.

Disable the RemoteFX 3D Video Adapter in the Hyper-V VM settings.

Disable WebGL in browsers (all platforms)

Mitigates potential web-based attack vectors.

  • Chrome: chrome://flags/#disable-webgl
  • Firefox: about:config -> webgl.disabled = true

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks and users
  • Disable GPU acceleration in virtualization software where possible

🔍 How to Verify

Check if Vulnerable:

Check AMD driver version in Device Manager (Windows) or via 'amdconfig --version' (Linux). If version is 26.20.15019.19000, system is vulnerable.

Check Version:

  • Windows: dxdiag or Device Manager
  • Linux: amdconfig --version
  • Linux: lspci -v | grep -i amd

Verify Fix Applied:

Verify driver version is newer than 26.20.15019.19000 after update.
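
The Windows version check above, combined with a check for VMs that still have the RemoteFX 3D Video Adapter named in the workarounds, can be scripted. This is an added example, not vendor or page code; the function names and the vendor-name match pattern are assumptions.

```powershell
# Added example: audit a Windows host against the checks on this page.
$AffectedVersion = [version]'26.20.15019.19000'   # affected build, taken from this page

function Get-AmdDriverStatus {
    # Win32_VideoController reports the installed display driver version per adapter.
    # The vendor/name pattern below is an assumption; adjust it for your fleet.
    Get-CimInstance -ClassName Win32_VideoController |
        Where-Object { "$($_.AdapterCompatibility) $($_.Name)" -match '\b(AMD|ATI|Radeon)\b|Advanced Micro Devices' } |
        ForEach-Object {
            $installed = $null
            $status = 'Unknown'   # version string missing or unparsable
            if ([version]::TryParse([string]$_.DriverVersion, [ref]$installed)) {
                if     ($installed -eq $AffectedVersion) { $status = 'Affected' }
                elseif ($installed -gt $AffectedVersion) { $status = 'NewerThanAffected' }
                else                                     { $status = 'OlderThanAffected' }
            }
            [pscustomobject]@{
                Adapter       = $_.Name
                DriverVersion = $_.DriverVersion
                Status        = $status
            }
        }
}

function Get-RemoteFxVmName {
    # Lists VMs that still have a RemoteFX 3D Video Adapter attached.
    # Needs the Hyper-V PowerShell module and an elevated session.
    if (-not (Get-Command Get-VMRemoteFx3dVideoAdapter -ErrorAction SilentlyContinue)) {
        return
    }
    Get-VM | Get-VMRemoteFx3dVideoAdapter |
        ForEach-Object { $_.VMName } | Sort-Object -Unique
}

$drivers = @(Get-AmdDriverStatus)
$drivers | Format-Table -AutoSize

$remoteFxVms = @(Get-RemoteFxVmName)
if ($remoteFxVms.Count -gt 0) {
    Write-Output "VMs with a RemoteFX 3D Video Adapter: $($remoteFxVms -join ', ')"
}

# Non-zero exit code lets a management tool flag the host.
if ($drivers.Status -contains 'Affected') { exit 1 }
```

A status of OlderThanAffected is reported separately because this page only names 26.20.15019.19000 as vulnerable and says nothing about earlier builds.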

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes in rdvgm.exe (Hyper-V)
  • AMD driver crash events
  • Suspicious GPU/shader-related errors

Network Indicators:

  • Unusual outbound connections from virtualization hosts
  • WebGL exploitation attempts

SIEM Query:

((EventID=1000 OR EventID=1001) AND ProcessName="rdvgm.exe") OR (Source="amdkmdag" AND Keywords="Error")
