'

AMD reveals vulnerabilities in their Ryzen Master and Radeon Software

Both issues have been addressed with AMD's latest software releases

AMD reveals vulnerabilities in their Ryzen Master and Radeon Software

AMD reveals vulnerabilities in their Ryzen Master and Radeon Software

AMD has updated its product security webpage to highlight two new software vulnerabilities, which impact the company's Ryzen Master Software and Radeon Software driver stack. 

Within AMD's Radeon Software, Cisco Talos uncovered a vulnerability (called Escape Handler) which allowed users to create a blue screen. Thankfully, this bug does not impact long-term system functionality and could be resolved by restarting affected PCs. AMD believes that this bug cannot be used to gain access to confidential information. This bug has been addressed within AMD's latest Radeon Software driver release. 

Within Ryzen Master, a researcher has uncovered a security vulnerability which allows authenticated users to gain access to system privileges. Thankfully, AMD believes that this exploit cannot be used as a remote attack vector for affected versions of Ryzen Master. AMD's latest Ryzen Master release has been patched to address this vulnerability. 

Details for both vulnerabilities are available below. 
   
 


   Escape Handler (CVE-2020-12933)

10/13/2020

Our ecosystem collaborator Cisco Talos has published a new potential vulnerability in AMD graphics drivers, which may result in a blue screen. The issue was addressed in Radeon™ Software Adrenalin 2020 Edition available here.

AMD believes that confidential information and long-term system functionality are not impacted, and users can resolve the issue by restarting the computer.  

A specially crafted D3DKMTEscape request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account.

We thank the researchers for their ongoing collaboration and coordinated disclosure. More information on their research can be found on the Cisco Talos website.

 

   AMD Ryzen Master™ Driver Vulnerability (CVE-2020-12928)

10/13/2020

A researcher has discovered a potential security vulnerability impacting AMD Ryzen™ Master that may allow authenticated users to elevate from user to system privileges. AMD has released a mitigation in AMD Ryzen Master 2.2.0.1543. AMD believes that the attack must come from a non-privileged process already running on the system when the local user runs AMD Ryzen™ Master and that a remote attack has not been demonstrated. The latest version of the software is available for download at https://www.amd.com/en/technologies/ryzen-master.

We thank the researcher for the ongoing collaboration and coordinated disclosure.

AMD reveals vulnerabilities in their Ryzen Master and Radeon Software  

Ryzen Master users should update to the latest version of Ryzen Master and Radeon GPU users should update their drivers to AMD's newest Radeon Software release. 

You can join the discussion on AMD revealing two vulnerabilities within their software on the OC3D Forums

«Prev 1 Next»

Most Recent Comments

x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.