AMD reveals vulnerabilities in their - 3C

因為全篇是英文，所以我就直接講結論了
各位要更新Ryzen Master 和Radeon驅動
我覺得這沒什麼大不了的
畢竟真正修不好的是Intel 的Spectre

AMD reveals vulnerabilities in their Ryzen Master and Radeon Software
AMD has updated its product security webpage to highlight two new software vulne
rabilities, which impact the company's Ryzen Master Software and Radeon Software
driver stack.

Within AMD's Radeon Software, Cisco Talos uncovered a vulnerability (called Esca
pe Handler) which allowed users to create a blue screen. Thankfully, this bug do
es not impact long-term system functionality and could be resolved by restarting
affected PCs. AMD believes that this bug cannot be used to gain access to confi
dential information. This bug has been addressed within AMD's latest Radeon Soft
ware driver release.

Within Ryzen Master, a researcher has uncovered a security vulnerability which a
llows authenticated users to gain access to system privileges. Thankfully, AMD b
elieves that this exploit cannot be used as a remote attack vector for affected
versions of Ryzen Master. AMD's latest Ryzen Master release has been patched to
address this vulnerability.

Details for both vulnerabilities are available below.



Escape Handler (CVE-2020-12933)
10/13/2020

Our ecosystem collaborator Cisco Talos has published a new potential vulnerabili
ty in AMD graphics drivers, which may result in a blue screen. The issue was add
ressed in Radeon™ Software Adrenalin 2020 Edition available here.

AMD believes that confidential information and long-term system functionality ar
e not impacted, and users can resolve the issue by restarting the computer.

A specially crafted D3DKMTEscape request can cause an out-of-bounds read in Wind
ows OS kernel memory area. This vulnerability can be triggered from a non-privil
eged account.

We thank the researchers for their ongoing collaboration and coordinated disclos
ure. More information on their research can be found on the Cisco Talos website.



AMD Ryzen Master™ Driver Vulnerability (CVE-2020-12928)
10/13/2020

A researcher has discovered a potential security vulnerability impacting AMD Ryz
en™ Master that may allow authenticated users to elevate from user to system pr
ivileges. AMD has released a mitigation in AMD Ryzen Master 2.2.0.1543. AMD beli
eves that the attack must come from a non-privileged process already running on
the system when the local user runs AMD Ryzen™ Master and that a remote attack
has not been demonstrated. The latest version of the software is available for d
ownload at https://www.amd.com/en/technologies/ryzen-master.

We thank the researcher for the ongoing collaboration and coordinated disclosure
.

AMD reveals vulnerabilities in their Ryzen Master and Radeon Software

Ryzen Master users should update to the latest version of Ryzen Master and Radeo
n GPU users should update their drivers to AMD's newest Radeon Software release.

--