What is CVE-2020-12986?

CVE-2020-12986 is a high-severity vulnerability in Amd Radeon Software, classified under Improper Input Validation. CVSS score: 7.8/10. Published 2021-06-11.

How severe is CVE-2020-12986?

High severity. CVSS v3 base score is 7.8 out of 10.

Improper input validation in Amd Radeon Software

CVE-2020-12986

An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (22.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Amd Radeon Software — versions Radeon Software, Radeon Pro Software for Enterprise
Amd Radeon_pro_software
Amd Radeon_software
Microsoft Windows_10

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt@amd.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-12986?: CVE-2020-12986 is a high-severity vulnerability in Amd Radeon Software, classified under Improper Input Validation. CVSS score: 7.8/10. Published 2021-06-11.
How severe is CVE-2020-12986?: High severity. CVSS v3 base score is 7.8 out of 10.