Amd fixes with a patch 4 major vulnerabilities in its gpus
Table of contents:
This is news that we did not expect: AMD has released a patch in the form of drivers to fix 4 vulnerabilities in its GPUs.
If you have not yet updated your AMD GPUs, this is a good time to do so. Apparently, the Radeon 20.1.1 drivers are a patch to cover 4 major security vulnerabilities that affect Radeon graphics cards. You will not see this in the " changelog ", but we know it from Talos Intelligence. We tell you everything, below.
AMD Radeon 20.1.1: an update with surprise
We learned about this news from the Cisco Talos Intelligence group, one of the world's largest commercial threat intelligence teams made up of top-tier researchers, analysts, and engineers. On its website we can see reports of vulnerabilities in an updated way.
They feature AMD ATI, referencing the Radeon 20.1.1 drivers, which are specified as CVE-2019-5124, CVE-2019-5146, CVE-2019-5147, and CVE-2019-5183. These kinds of attacks exploit a vulnerability in the AMD Radeon file " ATIDXX64.dll ", which denies service or remote code execution.
This attack vector can be used to attack a host computer from a simple virtual machine. This would make it possible to attack the vulnerability from a web page, using WebGL. The vulnerabilities were tested on a VMware virtual machine with Radeon RX 550 and Windows 10 64-bit.
However, the AMD shader compiler that has the RX 550 shares a common code base in all its recent GPUs that support DirectX12. All the vulnerabilities would have a common attack vector: a share code that would be designed to make the shader compiler attack bugs.
VMWare graphics acceleration would allow you to run 3D graphics on virtual machines, transferring information from the host's GPU to the virtual machine. The shader code is compiled using the graphics driver of the host operating system, thus creating a great opportunity to attack.
The first 3 CVs are variations of a similar proposal that allows malformed shader code to crash the graphics driver, which in a virtual machine situation would crash the virtual machine software.
The last vulnerability of all is the most serious because it allows remote code execution. This would mean being able to run vTable methods, which gives full control over the code flow, instead of failing with an error.
Update to Adrenalin 20.1.1
Don't worry, all the vulnerabilities have been fixed with the AMD patch that comes with the Adrenalin 20.1.1 drivers. Although AMD is a transparent company announcing its vulnerabilities, we will not see this in the " changelog ".
Therefore, we recommend that you install these drivers because you will be exposed to attacks only due to having the previous version.
We recommend the best graphics cards on the market
What do you think of this news? Do you have AMD GPUs?
Techpowerup fontMicrosoft fixes 12 serious vulnerabilities in October patch tuesday
Microsoft fixes 12 serious vulnerabilities on October Patch Tuesday. Find out more about security bugs that have been fixed.
Windows 10 June patch fixes 88 vulnerabilities
The Windows 10 June patch fixes 88 vulnerabilities. Find out more about the operating system security patch.
Ubuntu 16.04 patch for raspberry pi 2 fixes 8 vulnerabilities
A kernel update for the Raspberry Pi 2 version of Ubuntu 16.04 LTS (Xenial Xerus) is now available within the stable repositories.