AMD Fixes Critical Exploitable Bugs

AMD patched several long list of security flaws & vulnerabilities found in its graphics driver for Windows 10 devices, impacting the company’s 1^st/2^nd/3^rd Gen AMD EPYC server processors that could lead to arbitrary code execution and elevate privileges on vulnerable systems, bypassing SPI ROM protections, loss of integrity, denial of service, information disclosure.

The potential impact and the flaws’ severity vary, with AMD tagging more than a dozen bugs as high severity.

During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages

Advertisements

The company also addressed an improper access control vulnerability (CVE-2021-26334) found in the AMDPowerProfiler.sys driver of the AMD μProf tool. its a performance analysis utility that can be used to inspect Windows, Linux, and FreeBSD applications.

Successful exploitation of this flaw would allow attackers without enough privileges to gain access to kernel model-specific registers, which leads to privilege escalation and ring-0 code execution that gives the attacker full control over the vulnerable system.

CVE	Severity	Description
CVE-2020-12902	High	Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12891	High	AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.
CVE-2020-12892	High	An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.
CVE-2020-12893	High	Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.
CVE-2020-12894	High	Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.
CVE-2020-12895	High	Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service.
CVE-2020-12898	High	Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12901	High	Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.
CVE-2020-12903	High	Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.
CVE-2020-12900	High	An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.
CVE-2020-12929	High	Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution.
CVE-2020-12960	High	AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).
CVE-2020-12980	High	An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12981	High	An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.
CVE-2020-12982	High	An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12983	High	An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service.
CVE-2020-12985	High	An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12986	High	An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.
CVE-2020-12962	Medium	Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.
CVE-2020-12904	Medium	Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.
CVE-2020-12905	Medium	Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.
CVE-2020-12964	Medium	A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.
CVE-2020-12987	Medium	A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass.
CVE-2020-12920	Medium	A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck
CVE-2020-12899	Medium	Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.
CVE-2020-12897	Medium	Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.
CVE-2020-12963	Medium	An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.