CVE-2020-12138
HIGHAMD ATI atillk64.sys 5.11.9.0 - Missing Authorization via DeviceIoControl Call
Title source: llmDescription
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://eclypsium.com/2019/11/12/mother-of-all-drivers/
Exploit, Third Party Advisory x_refsource_misc
https://h0mbre.github.io/atillk64_exploit/
Scores
CVSS v3
8.8
EPSS
0.0067
EPSS Percentile
71.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
amd/atillk64
5.11.9.0
Published
Apr 27, 2020
Tracked Since
Feb 18, 2026