AMD marks an Intel: three new vulnerabilities afloat

In less than a week, AMD has reported three vulnerabilities found in its products, two related to its graphics cards and one to its processors, or more specifically in the Ryzen Master software and the Radeon Software graphics drivers . Here we tell you what they are and what you can do to avoid them.

Initially, AMD reported the vulnerability called “CreateAllocation”, a security flaw in its graphics drivers. Then he also reported another vulnerability called “EscapeHandler” also in his Radeon Software Adrenalin Edition, and only two days later a third, in this case affecting his Ryzen Master software and which has no name as such. AMD has already confirmed that it is working to fix the three vulnerabilities discovered this October.

VulnerabilityCVE CodeWhat does it affectSolution
CreateAllocationCVE-2020-12911AMD graphics driverQ1 2021
AMD Ryzen Master Driver VulnerabilityCVE-2020-12928AMD Ryzen MasterIn your next update
Escape HandlerCVE-2020-12933AMD graphics driverIn your next update

The three vulnerabilities that plague AMD

As we have arranged in the table above, AMD is already working on solving two of these vulnerabilities, while for the third (CreateAllocation) they have announced that the solution will arrive in the first quarter of next year. Let’s see what each of them affects.

CreateAllocation (CVE-2020-12911)

“Our partner Cisco Talos has released a potential new vulnerability in AMD graphics drivers, which can result in a blue screen on the system. AMD believes that confidential information and long-term system functionality are not affected and that the user can solve the problem simply by restarting the PC. AMD plans to release a fix for this issue in Q1 2021. “

“Research has found that a ‘D3DKMTCreateAllocation’ API built specifically for this can cause an off-site read resulting in a denial of service, resulting in a BSOD. This vulnerability can even affect accounts without administrative privileges.

AMD Ryzen Master Driver Vulnerability (CVE-2020-12928)

“An investigator has discovered a potential security vulnerability affecting Ryzen Master software that can allow users without administrative privileges to obtain them without permission. AMD has already released a mitigation for this in version 2.2.0.1543 of the software.

Escape Handler (CVE-2020-12933)

“Our partner Cisco Talos has released another potential vulnerability affecting Radeon Software Adrenalin Edition software, which can result in a blue screen. This problem has already been solved in the latest version of the software. AMD believes that this issue does not affect confidential information or the long-term functionality of the system. “

What can you do to protect yourself from these vulnerabilities?

As we have expressed in the previous paragraphs, two of these vulnerabilities have already been fixed by AMD, so you simply have to make sure that you have the latest versions of both Ryzen Master (if you have it) and Radeon Software installed. Adrenalin Edition; simply with that, you should no longer have any problems, or at least AMD indicates it.

READ ALSO  Samsung Exynos 880: Mid-range SoC with 5G connectivity

Regarding the third vulnerability, the company has said that they will launch a solution with their drivers during the first quarter of next year, and in the meantime, if you are affected you will simply have to restart the PC. They will notify you when the solution is released, but in any case, if you don’t want to have to be aware, just make sure, again, that you always have the updated drivers to receive all the latest security patches.

en_USEnglish
en_USEnglish