CVE-2020-12891

HIGH

AMD Radeon Software - DLL Hijacking

Title source: llm

Description

AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.

References (1)

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1000

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

amd/radeon_pro_software < 21.q2

amd/radeon_software < 21.4.1

Timeline

Published Feb 04, 2022

Tracked Since Feb 18, 2026