In less than a week, AMD has reported three vulnerabilities found in its products, two related to its graphics cards and one to its processors, or more specifically in the Ryzen Master software and the Radeon Software graphics drivers . Here we tell you what they are and what you can do to avoid them.
Initially, AMD reported the vulnerability called “CreateAllocation”, a security flaw in its graphics drivers. Then he also reported another vulnerability called “EscapeHandler” also in his Radeon Software Adrenalin Edition, and only two days later a third, in this case affecting his Ryzen Master software and which has no name as such. AMD has already confirmed that it is working to fix the three vulnerabilities discovered this October.
|Vulnerability||CVE Code||What does it affect||Solution|
|CreateAllocation||CVE-2020-12911||AMD graphics driver||Q1 2021|
|AMD Ryzen Master Driver Vulnerability||CVE-2020-12928||AMD Ryzen Master||In your next update|
|Escape Handler||CVE-2020-12933||AMD graphics driver||In your next update|
The three vulnerabilities that plague AMD
As we have arranged in the table above, AMD is already working on solving two of these vulnerabilities, while for the third (CreateAllocation) they have announced that the solution will arrive in the first quarter of next year. Let’s see what each of them affects.
“Our partner Cisco Talos has released a potential new vulnerability in AMD graphics drivers, which can result in a blue screen on the system. AMD believes that confidential information and long-term system functionality are not affected and that the user can solve the problem simply by restarting the PC. AMD plans to release a fix for this issue in Q1 2021. “
“Research has found that a ‘D3DKMTCreateAllocation’ API built specifically for this can cause an off-site read resulting in a denial of service, resulting in a BSOD. This vulnerability can even affect accounts without administrative privileges.
AMD Ryzen Master Driver Vulnerability (CVE-2020-12928)
“An investigator has discovered a potential security vulnerability affecting Ryzen Master software that can allow users without administrative privileges to obtain them without permission. AMD has already released a mitigation for this in version 18.104.22.1683 of the software.
Escape Handler (CVE-2020-12933)
“Our partner Cisco Talos has released another potential vulnerability affecting Radeon Software Adrenalin Edition software, which can result in a blue screen. This problem has already been solved in the latest version of the software. AMD believes that this issue does not affect confidential information or the long-term functionality of the system. “
What can you do to protect yourself from these vulnerabilities?
As we have expressed in the previous paragraphs, two of these vulnerabilities have already been fixed by AMD, so you simply have to make sure that you have the latest versions of both Ryzen Master (if you have it) and Radeon Software installed. Adrenalin Edition; simply with that, you should no longer have any problems, or at least AMD indicates it.
Regarding the third vulnerability, the company has said that they will launch a solution with their drivers during the first quarter of next year, and in the meantime, if you are affected you will simply have to restart the PC. They will notify you when the solution is released, but in any case, if you don’t want to have to be aware, just make sure, again, that you always have the updated drivers to receive all the latest security patches.