What is CVE-2020-12891?

CVE-2020-12891 is a high-severity vulnerability in Amd Radeon_pro_software, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2022-02-04.

How severe is CVE-2020-12891?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2020-12891 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Amd Radeon_pro_software

CVE-2020-12891

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.

EPSS: 0.003 (16.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Amd Radeon_pro_software
Amd Radeon Pro Software For Enterprise — versions Enterprise Driver
Amd Radeon Software — versions Radeon Driver
Amd Radeon_software

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

Public proof-of-concept exploits

RikunjSindhwad/RikunjSindhwad

References

psirt@amd.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-12891?: CVE-2020-12891 is a high-severity vulnerability in Amd Radeon_pro_software, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2022-02-04.
How severe is CVE-2020-12891?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2020-12891 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.