AMD fixed dozens of vulnerabilities in graphics driver and more

AMD fixed dozens of vulnerabilities
Written by Emma Davis

AMD fixed dozens of vulnerabilities in the graphics driver for Windows 10 devices. The issues could allow attackers to execute arbitrary code and escalate privileges on vulnerable systems.

The severity of the flaws varies, with more than 10 bugs being classified by AMD as high severity bugs. Basically, vulnerabilities received from 7 to 8.9 points on the CVSS vulnerability rating scale.

Extensive analysis of AMD Escape calls revealed a number of potential weaknesses in several APIs that could lead to escalation of privileges, denial of service, information disclosure, KASLR bypass or arbitrary writes to kernel memory.the company wrote.

Various issues have been identified by CyberArk Labs and Apple Media Products RedTeam, as well as independent researchers Ori Nimron and driverThru_BoB 9th. The complete list of fixed issues is as follows:

  1. Ori Nimron: CVE-2020-12892, CVE-2020-12893, CVE-2020-12894, CVE-2020-12895, CVE-2020-12897, CVE-2020-12898, CVE-2020-12899, CVE-2020-12900, CVE-2020-12901, CVE-2020-12902, CVE-2020-12903, CVE-2020-12904, CVE-2020-12905, CVE-2020-12963, CVE-2020-12964, CVE-2020-12980, CVE-2020-12981, CVE-2020-12982, CVE-2020-12983, CVE-2020-12986, CVE-2020-12987;
  2. CyberArk Labs: CVE-2020-12892;
  3. Apple Media Products RedTeam: CVE-2020-12929;
  4. driverThru_BoB 9th: CVE-2020-12960

It should also be noted that AMD last week patched several vulnerabilities affecting first, second and third generation AMD EPYC server processors. Bugs could lead to arbitrary code execution, bypassing SPI ROM protection, loss of integrity, denial of service, information disclosure, and so on.

Reviews conducted in collaboration with Google, Microsoft and Oracle identified potential vulnerabilities in AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components mitigated with using AMD EPYC AGESA PI packages.AMD said.

In addition, the company has resolved an Inappropriate Access Control vulnerability (CVE-2021-26334) recently discovered by ESET experts in the AMD μProf tool driver (AMDPowerProfiler.sys). Successful exploitation of this vulnerability allowed attackers without sufficient privileges to elevate their rights and execute code in kernel mode (ring-0), which gave attackers full control over the vulnerable system.

Let me remind you that we also wrote that Windows 11 may slow down AMD processors by 15% due to bugs.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending