AMD patches graphics driver and Ryzen Master vulnerabilities


Two more vulnerabilities have been listed on AMD's product security page; the current versions, Radeon Software Adrenalin 2020 Edition 20.9.2 and Ryzen Master 2.3.0.1591, have already been fixed. An update is therefore advisable.



The Radeon driver bugs were found by Cisco Talos and can trigger a BSOD by means of a specific request. According to AMD, the impact stops there: the security and data of the system would not be breached. It should be fixed with the latest driver.

Ryzen Master also has a vulnerability: CVE-2020-12928 allows system privileges to be obtained. AMD is convinced that the attack must come from a non-privileged process while Ryzen Master is active. It is also emphasized that no remote attacks have been demonstrated.

AMD Ryzen Master Driver Vulnerability (CVE-2020-12928)

The vulnerability in Ryzen Master was already fixed in Ryzen Master 2.2.0.1543 - the current version is 2.3.0.1591.

"A researcher has discovered a potential security vulnerability impacting AMD Ryzen™ Master that may allow authenticated users to elevate from users to system privileges. AMD has released a mitigation in AMD Ryzen Master 2.2.0.1543. AMD believes that the attack must come from a non-privileged process already running on the system when the local user runs AMD Ryzen™ Master and that a remote attack has not been demonstrated."

CreateAllocation (CVE-2020-12911)

This concerns a vulnerability in the graphics driver for Windows, or more precisely in ATIKMDAG.SYS, which is described in more detail by its discoverer, Cisco Talos. It can trigger a blue screen (BSoD). However, AMD is not planning a fix until the first quarter of 2021.

"This vulnerability can be triggered by executing the D3DKMTCreateAllocation function with malformed data. This leads to an out-of-bounds read vulnerability in AMD ATIKMDAG.SYS driver.

An attacker can influence the read address for the movzx operation by modifying the payload for the D3DKMTCreateAllocation function, potentially leading to an out-of-bound read vulnerability and denial of service."

Source: Cisco Talos

According to Talos, the vulnerability has a CVSSv3 score of 7.1 (high - level 4 of 5) and was reported to AMD on July 7, 2020.
