AMD fixes dozens of Home windows 10 graphics driver safety bugs

0
94

[ad_1]

Picture: Timothy Dykes
AMD has fastened an extended checklist of safety vulnerabilities present in its graphics driver for Home windows 10 units, permitting attackers to execute arbitrary code and elevate privileges on weak techniques.
The potential influence and the issues’ severity differ, with AMD tagging greater than a dozen bugs as excessive severity.
“In a complete evaluation of the AMD Escape calls, a possible set of weaknesses in a number of APIs was found, which may end in escalation of privilege, denial of service, data disclosure, KASLR bypass, or arbitrary write to kernel reminiscence,” AMD defined.
The safety flaws had been found by each impartial safety researchers Ori Nimron and driverThru_BoB ninth, in addition to Eran Shimony of CyberArk Labs and Lucas Bouillot, of the Apple Media Merchandise RedTeam.
The entire checklist of patched bugs contains:
Ori Nimron (@orinimron123) : CVE-2020-12892, CVE-2020-12893, CVE-2020-12894, CVE-2020-12895, CVE-2020-12897, CVE-2020-12898, CVE-2020-12899, CVE-2020-12900, CVE-2020-12901, CVE-2020-12902, CVE-2020-12903, CVE-2020-12904, CVE-2020-12905, CVE-2020-12963, CVE-2020-12964, CVE-2020-12980, CVE-2020-12981, CVE-2020-12982, CVE-2020-12983, CVE-2020-12986, CVE-2020-12987
Eran Shimony of CyberArk Labs: CVE-2020-12892
Lucas Bouillot, of the Apple Media Merchandise RedTeam: CVE-2020-12929
driverThru_BoB ninth: CVE-2020-12960
A full checklist of vulnerabilities discovered within the AMD Graphics Driver for Home windows 10 and their description is on the market within the safety advisory printed this week.
An AMD spokesperson was not instantly out there to offer further particulars when contacted by BleepingComputer at the moment
AMD EPYC server processor bug fixes
This week, AMD additionally patched medium and excessive severity safety flaws impacting the corporate’s 1st/2nd/third Gen AMD EPYC server processors that might result in arbitrary code execution, bypassing SPI ROM protections, lack of integrity, denial of service, data disclosure, and extra.
“Throughout safety evaluations in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities within the AMD Platform Safety Processor (PSP), AMD System Administration Unit (SMU), AMD Safe Encrypted Virtualization (SEV) and different platform elements had been found and have been mitigated in AMD EPYC AGESA PI packages,” AMD stated.
The corporate additionally addressed an improper entry management vulnerability (CVE-2021-26334) discovered by Michal Poslušný from ESET Analysis within the AMDPowerProfiler.sys driver of the AMD μProf instrument.
AMD μProf is a efficiency evaluation utility that can be utilized to examine Home windows, Linux, and FreeBSD functions.
Profitable exploitation of this flaw would enable attackers with out sufficient privileges to achieve entry to kernel model-specific registers, which ends up in privilege escalation and ring-0 code execution that provides the attacker full management over the weak system.
Home windows 11 efficiency points addressed in October
In early October, proper after Home windows 11 started rolling out, AMD has additionally warned of serious efficiency hits on Home windows 11-compatible AMD processors, together with the newest Ryzen CPUs, when utilizing some functions.
One of many compatibility points led to elevated measured and useful L3 cache latency which had a direct influence on the entry time to the reminiscence subsystem for some apps.
Whereas for among the affected apps the anticipated efficiency influence was between 3 to five%, for eSports video games AMD stated that clients may see a efficiency lower of 10-15% on Home windows 11.
The AMD CPU points had been addressed two weeks later with the optionally available KB5006746 cumulative replace preview for Home windows 11 launched on October 21.
“Addresses an L3 caching challenge which may have an effect on efficiency in some functions on units which have AMD Ryzen processors after upgrading to Home windows 11 (authentic launch),” Microsoft defined within the launch notes.

[ad_2]