AMD Radeon Graphics Cards Open VMware Workstations to Attack

A remote code-execution bug exists in some configurations of the AMD Radeon graphics card that could allow an attacker to take control of a targeted system. The hack entails luring users of vulnerable systems to visit a specially crafted website that can deliver “a malformed pixel shader” to either a Radeon RX 550 or a Radeon 550 series graphics card. The prerequisites for the attack limit the scope of those impacted. According to Cisco Talos, which found the bug in May, the vulnerability only exists on systems running VMware Workstation 15 with the 64-bit version of Windows 10 running as the as guest VM. This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS) to the AMD ATIDXX64.DLL driver. Such an attack can be triggered from a VMware guest usermode to cause a memory corruption on vmware-vmx.exe process on host, or theoretically through WEBGL (remote website),” according to the Talos Vulnerability Bulletin, published Monday.