AMD fixed dozens of vulnerabilities in the graphics driver for Windows 10 devices. The issues could allow attackers to execute arbitrary code and escalate privileges on vulnerable systems.
The severity of the flaws varies, with more than 10 bugs being classified by AMD as high severity bugs. Basically, vulnerabilities received from 7 to 8.9 points on the CVSS vulnerability rating scale.Various issues have been identified by CyberArk Labs and Apple Media Products RedTeam, as well as independent researchers Ori Nimron and driverThru_BoB 9th. The complete list of fixed issues is as follows:
- Ori Nimron: CVE-2020-12892, CVE-2020-12893, CVE-2020-12894, CVE-2020-12895, CVE-2020-12897, CVE-2020-12898, CVE-2020-12899, CVE-2020-12900, CVE-2020-12901, CVE-2020-12902, CVE-2020-12903, CVE-2020-12904, CVE-2020-12905, CVE-2020-12963, CVE-2020-12964, CVE-2020-12980, CVE-2020-12981, CVE-2020-12982, CVE-2020-12983, CVE-2020-12986, CVE-2020-12987;
- CyberArk Labs: CVE-2020-12892;
- Apple Media Products RedTeam: CVE-2020-12929;
- driverThru_BoB 9th: CVE-2020-12960
It should also be noted that AMD last week patched several vulnerabilities affecting first, second and third generation AMD EPYC server processors. Bugs could lead to arbitrary code execution, bypassing SPI ROM protection, loss of integrity, denial of service, information disclosure, and so on.
In addition, the company has resolved an Inappropriate Access Control vulnerability (CVE-2021-26334) recently discovered by ESET experts in the AMD μProf tool driver (AMDPowerProfiler.sys). Successful exploitation of this vulnerability allowed attackers without sufficient privileges to elevate their rights and execute code in kernel mode (ring-0), which gave attackers full control over the vulnerable system.
Let me remind you that we also wrote that Windows 11 may slow down AMD processors by 15% due to bugs.