AMD recently patched more than a dozen of high-risk vulnerabilities discovered in its Graphics Driver for Windows 10, which could have allowed hackers to perform privilege escalation attacks or execute arbitrary code on the victim’s machine.
“After a comprehensive analysis of AMD Escape commands, we found a set of weaknesses in several APIs. These weaknesses make the system vulnerable to privilege escalation, denial-of-service attacks and denial-of-service attacks. services, disclosing information, bypassing KASLR, or writing arbitrary code to memory,” AMD stated in the security advisory published this week.
The vulnerabilities were discovered by independent security researcher, Ori Nimron (Twitter username @orinimron123), Eran Shimony of CyberArk Labs, Lucas Bouillot, of the Apple Media Products RedTeam and driverThru_BoB 9th.
AMD has successfully addressed most of the vulnerability issues, including all 18 high severity CVEs with the Radeon 20.7.1 and Radeon 21.Q1 Enterprise driver packages.
The completed list of the patched vulnerabilities are as follows:
- Ori Nimron (@orinimron123): CVE-2020-12892, CVE-2020-12893, CVE-2020-12894, CVE-2020-12895, CVE-2020-12897, CVE-2020-12898, CVE-2020-12899, CVE -2020-12900, CVE-2020-12901, CVE-2020-12902, CVE-2020-12903, CVE-2020-12904, CVE-2020-12905, CVE-2020-12963, CVE-2020-12964, CVE-2020 -12980, CVE-2020-12981, CVE-2020-12982, CVE-2020-12983, CVE-2020-12986, CVE-2020-12987
- Eran Shimony of CyberArk Labs: CVE-2020-12892
- Lucas Bouillot, of the Apple Media Products RedTeam: CVE-2020-12929
- driverThru_BoB 9th: CVE-2020-12960