Security company Cisco Talos has discovered a bug in AMD’s GPU driver that allows systems to crash. AMD says this will have no security implications and will resolve the issue in the first quarter of 2021.The researchers found that it is possible to provide an out-of-bounds read and denial of service, or a blue screen of death. , on systems with the appropriate GPU driver. That works by sending a specific request to the D3DkmtcreateAllocation api. This requires an attacker to have access to the system, but admin rights are not necessary. The problem is in the Atikmdag.sys file of the Radeon Graphics driver. Talos has found that the bug is present at least from version 26.20.15029.27017. That’s the designation for the Radeon Software Adrenalin 2020 Edition 20.4.2, which came out in April, Cisco Talos notified AMD in July. AMD confirms the problem and has assigned the code CVE-2020-12911. According to AMD, this is a potential vulnerability, but the manufacturer states that confidential information and the security of systems are not at stake. The crashes that can be forced via the bug can be solved with a restart. AMD will solve the problem in GPU drivers that will be released in the first quarter of 2021.Update, 13:49: The potential vulnerability is unrelated to bsod issues that can occur while gaming. The bug is unlikely to have major consequences for consumers. Malicious people can only force a bsod if they already have access to the computer. In late September, Cisco Talos published information about a remode code execution vulnerability in an Nvidia GPU driver. By displaying a specially prepared shader, an attacker could increase permissions on a system. The researchers discovered the vulnerability in March, Nvidia has now resolved it, after which publication followed.
You might also like