AMD has just patched a series of security holes in their graphics driver for Windows 10 devices. These vulnerabilities allow hackers to perform privilege escalation attacks or execute arbitrary code on the victim’s machine. .
Among these are dozens of vulnerabilities rated high risk.
“After a comprehensive analysis of AMD Escape commands, we found a set of weaknesses in several APIs. These weaknesses make the system vulnerable to privilege escalation, denial-of-service attacks and denial-of-service attacks. service, divulge information, bypass KASLR, or write arbitrary code to memory”, AMD stated.
These vulnerabilities were discovered by independent security researchers Ori Nimron and driverThru_BoB 9th, Eran Shimony of CyberArk Labs and Lucas Bouillot of Apple Media Products RedTeam.
The full list of patched bugs is as follows:
- Ori Nimron (@orinimron123): CVE-2020-12892, CVE-2020-12893, CVE-2020-12894, CVE-2020-12895, CVE-2020-12897, CVE-2020-12898, CVE-2020-12899, CVE -2020-12900, CVE-2020-12901, CVE-2020-12902, CVE-2020-12903, CVE-2020-12904, CVE-2020-12905, CVE-2020-12963, CVE-2020-12964, CVE-2020 -12980, CVE-2020-12981, CVE-2020-12982, CVE-2020-12983, CVE-2020-12986, CVE-2020-12987
- Eran Shimony, CyberArk Labs: CVE-2020-12892
- Lucas Bouillot, Apple Media Products RedTeam: CVE-2020-12929
- driverThru_BoB 9th: CVE-2020-12960
This week, AMD also patched medium and high-level vulnerabilities affecting AMD EPYC Gen 1st, 2nd, and 3rd processors for servers. These vulnerabilities lead to attacks of arbitrary code execution, SPI ROM protection bypass, integrity compromise, denial of service, and information disclosure attacks.
AMD says that it has partnered with Google, Microsoft, and Oracle to comprehensively test vulnerabilities in AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV), and platform components other platform.
In early October, AMD also had to issue a warning about their chip’s performance loss when running Windows 11. By the end of October, the performance reduction problem was fixed in Windows 11 update KB5006746.