[情報] AMD reveals vulnerabilities in their

因為全篇是英文，所以我就直接講結論了
各位要更新Ryzen Master 和Radeon驅動
我覺得這沒什麼大不了的
畢竟真正修不好的是Intel 的Spectre

AMD reveals vulnerabilities in their Ryzen Master and Radeon Software
AMD has updated its product security webpage to highlight two new software vulnerabilities, which impact the company's Ryzen Master Software and Radeon Software driver stack.

Within AMD's Radeon Software, Cisco Talos uncovered a vulnerability (called Escape Handler) which allowed users to create a blue screen. Thankfully, this bug does not impact long-term system functionality and could be resolved by restarting affected PCs. AMD believes that this bug cannot be used to gain access to confidential information. This bug has been addressed within AMD's latest Radeon Software driver release.

Within Ryzen Master, a researcher has uncovered a security vulnerability which allows authenticated users to gain access to system privileges. Thankfully, AMD believes that this exploit cannot be used as a remote attack vector for affectedversions of Ryzen Master. AMD's latest Ryzen Master release has been patched toaddress this vulnerability.

Details for both vulnerabilities are available below.

Escape Handler (CVE-2020-12933)
10/13/2020

Our ecosystem collaborator Cisco Talos has published a new potential vulnerability in AMD graphics drivers, which may result in a blue screen. The issue was addressed in Radeon™ Software Adrenalin 2020 Edition available here.

AMD believes that confidential information and long-term system functionality are not impacted, and users can resolve the issue by restarting the computer.

A specially crafted D3DKMTEscape request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a non-privileged account.

We thank the researchers for their ongoing collaboration and coordinated disclosure. More information on their research can be found on the Cisco Talos website.

AMD Ryzen Master™ Driver Vulnerability (CVE-2020-12928)
10/13/2020

A researcher has discovered a potential security vulnerability impacting AMD Ryzen™ Master that may allow authenticated users to elevate from user to system privileges. AMD has released a mitigation in AMD Ryzen Master 2.2.0.1543. AMD believes that the attack must come from a non-privileged process already running onthe system when the local user runs AMD Ryzen™ Master and that a remote attackhas not been demonstrated. The latest version of the software is available for download at https://www.amd.com/en/technologies/ryzen-master.

We thank the researcher for the ongoing collaboration and coordinated disclosure.

AMD reveals vulnerabilities in their Ryzen Master and Radeon Software

Ryzen Master users should update to the latest version of Ryzen Master and Radeon GPU users should update their drivers to AMD's newest Radeon Software release.

--