Two vulnerabilities found in AMD Radeon Software and Ryzen Master

Posted on Wednesday, October 14 2020 @ 15:02 CEST by Thomas De Maesschalck
AMD writes that security researchers found vulnerabilities in its Radeon Software and Ryzen Master software. Just like the other vulnerability that was disclosed earlier this month, the new "Escape Handler" (CVE-2020-12933) bug in the Radeon Software drivers doesn't seem that serious. AMD believes exploitation isn't possible; the bug can only result in a BSOD. The vulnerability has been patched in the latest Radeon Software Adrenalin 2020 Edition.
Our ecosystem collaborator Cisco Talos has published a new potential vulnerability in AMD graphics drivers, which may result in a blue screen. The issue was addressed in Radeon™ Software Adrenalin 2020 Edition [...].

AMD believes that confidential information and long-term system functionality are not impacted, and users can resolve the issue by restarting the computer.

A specially crafted D3DKMTEscape request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account.

We thank the researchers for their ongoing collaboration and coordinated disclosure. More information on their research can be found on the Cisco Talos website.
The other vulnerability affects the AMD Ryzen Master driver and is identified as CVE-2020-12928. This vulnerability may result in an escalation of privilege, but there's no evidence of remote exploitation. The latest version of AMD Ryzen Master is no longer vulnerable.
A researcher has discovered a potential security vulnerability impacting AMD Ryzen™ Master that may allow authenticated users to elevate from user to system privileges. AMD has released a mitigation in AMD Ryzen Master 2.2.0.1543. AMD believes that the attack must come from a non-privileged process already running on the system when the local user runs AMD Ryzen™ Master and that a remote attack has not been demonstrated. The latest version of the software is available for download at https://www.amd.com/en/technologies/ryzen-master.

We thank the researcher for the ongoing collaboration and coordinated disclosure.

