Eighteen high severity vulnerabilities remediated in AMD's Radeon graphics driver packages

[Jimmy2x]

A hot potato: Graphics driver updates from GPU hardware manufacturers are typically met with healthy doses of excitement and skepticism. Some users look forward to the potential game and application support, functionality, or pure FPS a new package can provide. Others are hesitant to take the leap for fear that the release might cause more problems than it solves. AMD's latest security bulletins have now shown the importance of keeping their Radeon drivers up-to-date in order to support security posture as well as graphics capabilities.

The latest batch of common vulnerabilities and exposures (CVEs) released by Team Red covers 27 driver-level security findings, including 18 high-severity vulnerabilities. Unintended escalation of privileges, DLL hijacking, and arbitrary code execution are among the issues caused by the security holes. Malicious actors taking advantage of these exploits can cause user-facing impacts ranging from compromised information to complete data loss.

Fortunately for AMD Radeon users, many of these issues have been addressed by the company's last several driver releases. Beginning with the Radeon 20.7.1 and the Radeon 21.Q1 Enterprise driver packages, AMD has successfully mitigated most of these security issues, including all 18 high severity CVEs. These releases and their ability to remediate associated security concerns present an excellent case for end-users to review and consider driver updates based on more than just efficient data and image processing by their GPUs.

Recently discovered security vulnerabilities are not limited to AMD's Radeon product line. The Register highlights more than 70 vulnerabilities spanning all generations of AMD's EPYC processors and Intel's Wi-Fi, SSDs, and processors, including the Pentium, Celeron, Atom, and Xeon product lines.

The security issues were discovered and reported thanks to several researchers and organizations, including vulnerability expert Ori Nimron, cybersecurity product developer CyberArk Labs, and several others. Based on AMD's bulletins, any AMD GPU user running Radeon Software version 21.4.1, Radeon Pro Software version 21.Q2 Enterprise driver, or higher, should be up to date and protected from the reported exploits.

Permalink to story.

https://www.techspot.com/news/92212-eighteen-high-severity-vulnerabilities-remediated-amd-radeon-graphics.html

 

[WhoCaresAnymore]

Hackers suck. They make everything a pain, from passwords to even having a smart device hooked into your network.

I think the laws should include the death penalty.

 

[Geralt]

Hackers suck. They make everything a pain, from passwords to even having a smart device hooked into your network.

I think the laws should include the death penalty.

I can happily shoot them dead against a big wall. And I am not joking.

 

[VitalyT]

It is funny how AMD manages to withhold 18 critical fixes for their product, while Microsoft is getting crucified for one performance bug in Windows 11 related to AMD CPUs.

 

[Puiu]

It is funny how AMD manages to withhold 18 critical fixes for their product, while Microsoft is getting crucified for one performance bug in Windows 11 related to AMD CPUs.

Everybody has bugs and flaws (read the article again). Windows gets crucified over that particular bug because of the timing. It allowed for wanky pre-release benchmarks and it should have been easy to find during testing. Performance regressions are industry standard in automated testing.

 

[MyIOnU]

AMD drivers are shitty as well. I cannot run any version higher than 19.12.1 on my 5700XT without crashing. Something in the new drivers that make my games crashed 5-10 mins into the games.

 

[Mr Majestyk]

Holy crap 18 severe vulnerabilities, that's a major feat in itself. So how long have these been around? What's Nvidia's count?

 

[merikafyeah]

These are all "physical access" type vulnerabilities, so perhaps enterprise machines running AMD graphics should be patched immediately, but for the average user with an AMD graphics card in his desktop PC at home this isn't really something to be concerned about.

 

[captaincranky]

It is funny how AMD manages to withhold 18 critical fixes for their product, while Microsoft is getting crucified for one performance bug in Windows 11 related to AMD CPUs.

What's even funnier, is how casually the AMD fanboys are taking it. 18 critical parches needed? "Meh so what" .

 

[Irata]

What's even funnier, is how casually the AMD fanboys are taking it. 18 critical parches needed? "Meh so what" .

I guess that‘s what being told for years that serious hardware based security flaws don‘t matter does.
At least AMD did not have to disable DX12 support to fix these issues.

 

[mikemc79nz]

AMD drivers are shitty as well. I cannot run any version higher than 19.12.1 on my 5700XT without crashing. Something in the new drivers that make my games crashed 5-10 mins into the games.

I have Rx 5600 xt and 6600xt and both are fine on new drivers maybe try ddu or AMD drive uninstall utility to remove and fresh install new drivers

 

[Puiu]

AMD drivers are shitty as well. I cannot run any version higher than 19.12.1 on my 5700XT without crashing. Something in the new drivers that make my games crashed 5-10 mins into the games.

How about giving a few more details besides "it has problems". Drivers making multiple games crash would have been news.

Is your card overheating with the new drivers? What is the error in the log? what games are causing problems? As far as I know there are some reddit reports of some 5700XT cards having heating issues where the card tries to get too high boost clocks in demanding games and it becomes unstable.

 

[Yenega]

Does this come as a surprise tho?

Ryzen had tons of vulnerabilies too, but AMD does NOT pay people to find them. Intel does (Bug Bounty Program, up to 100.000 USD reward)

No wonder people use their time on Intel instead of AMD. Logic 101.

 

[captaincranky]

Does this come as a surprise tho?

Ryzen had tons of vulnerabilies too, but AMD does NOT pay people to find them. Intel does (Bug Bounty Program, up to 100.000 USD reward)

No wonder people use their time on Intel instead of AMD. Logic 101.

From what I've witnessed here, I don't think that the AMD crowd wants to know if their CPU of choice even has any vulnerabilities

That would destroy the myth that "Intel is sh!t, and AMD is perfect".. Which, after all, is a belief system that they would like to maintain in perpetuity

 

[Puiu]

Does this come as a surprise tho?

Ryzen had tons of vulnerabilies too, but AMD does NOT pay people to find them. Intel does (Bug Bounty Program, up to 100.000 USD reward)

No wonder people use their time on Intel instead of AMD. Logic 101.

That is wrong, people focus on Intel because they have the majority of the market. The same issue exists with Windows vs MacOS.

 

[captaincranky]

That is wrong, people focus on Intel because they have the majority of the market.

It could be that both explanations are valid. It doesn't have to be one or the other.

If were ignoring any problems that AMD might have in order to "root for the underdog", so be it. Neither explanation is necessarily mutually exclusive.I credit the bulk of AMD's recent success to TSMC. If it weren't for them AMD might have gone under. But true, if it weren't for TSMC's success with 8 nm process, Intel might still be on generation 15 @ 14 nm. (and possibly beyond)

Suppose we call the relationship between the two companies, "symbiotic".

 

[Yenega]

That is wrong, people focus on Intel because they have the majority of the market. The same issue exists with Windows vs MacOS.

That is true too, but the money def. helps.

Alot of people chase vulnerabilities for a living or as part of their hobby.
Obviously money will make them focus on Intel over AMD, when Intel will pay them and AMD won't.

Hell, the community pretty much solved AMDs USB bug on Ryzen chipsets too. (Ryzen 3000 and 5000 series on 400 and 500 series chipsets), alot of people still have issues tho, because motherboard manufacturers did not patch it yet.

EPYC also had 22 vulnerabilities discovered recently.

As AMD gained marketshare, more and more vulnerabilities were discovered and they have pretty much same amount as Intel now.

 

[Puiu]

That is true too, but the money def. helps.

Alot of people chase vulnerabilities for a living or as part of their hobby.
Obviously money will make them focus on Intel over AMD, when Intel will pay them and AMD won't.

Hell, the community pretty much solved AMDs USB bug on Ryzen chipsets too. (Ryzen 3000 and 5000 series on 400 and 500 series chipsets), alot of people still have issues tho, because motherboard manufacturers did not patch it yet.

EPYC also had 22 vulnerabilities discovered recently.

As AMD gained marketshare, more and more vulnerabilities were discovered and they have pretty much same amount as Intel now.

I've worked directly with such security companies (one is in London) and I can safely tell you that bug bounties is not even in their minds. They do these things to attract lucrative contracts and business partners (and it works). Security is very expensive.

 

[BadThad]

Death to haxors! All they do is create suffering and misery in the most annoying way fathomable.

 

[wizardB]

AMD drivers are shitty as well. I cannot run any version higher than 19.12.1 on my 5700XT without crashing. Something in the new drivers that make my games crashed 5-10 mins into the games.

Sounds like a video card problem my 5700XT runs all the latest drivers just fine. Maybe you need to check your fan curve.

 

[MyIOnU]

Sounds like a video card problem my 5700XT runs all the latest drivers just fine. Maybe you need to check your fan curve.

I'm on water cooling, and all temperature never go above 60C. That does not explain why it works fine with all old driver. Also, they still did not fix the issue with the Memory stuck at 1750.

 

[Puiu]

I'm on water cooling, and all temperature never go above 60C. That does not explain why it works fine with all old driver. Also, they still did not fix the issue with the Memory stuck at 1750.

Interesting. Does the OEM have any BIOS updates? Maybe even a motherboard BIOS update.

As for the memory clock, are you using a single monitor or multiple? It seems like it is normal on AMD cards for the memory clocks to be pegged when using multiple monitors or very high refresh rates (144Hz or more).

I would even try to reflash the card if the problems are that big.

 

[CorMega69]

Hackers suck. They make everything a pain, from passwords to even having a smart device hooked into your network.

I think the laws should include the death penalty.

I totally agree. If you made the punishment fit the crime, these hackers would think twice. Every single website you need a password and an account.