A hot potato: Graphics driver updates from GPU hardware manufacturers are typically met with healthy doses of excitement and skepticism. Some users look forward to the potential game and application support, functionality, or pure FPS a new package can provide. Others are hesitant to take the leap for fear that the release might cause more problems than it solves. AMD's latest security bulletins have now shown the importance of keeping their Radeon drivers up-to-date in order to support security posture as well as graphics capabilities.
The latest batch of common vulnerabilities and exposures (CVEs) released by Team Red covers 27 driver-level security findings, including 18 high-severity vulnerabilities. Unintended escalation of privileges, DLL hijacking, and arbitrary code execution are among the issues caused by the security holes. Malicious actors taking advantage of these exploits can cause user-facing impacts ranging from compromised information to complete data loss.
Fortunately for AMD Radeon users, many of these issues have been addressed by the company's last several driver releases. Beginning with the Radeon 20.7.1 and the Radeon 21.Q1 Enterprise driver packages, AMD has successfully mitigated most of these security issues, including all 18 high severity CVEs. These releases and their ability to remediate associated security concerns present an excellent case for end-users to review and consider driver updates based on more than just efficient data and image processing by their GPUs.
Recently discovered security vulnerabilities are not limited to AMD's Radeon product line. The Register highlights more than 70 vulnerabilities spanning all generations of AMD's EPYC processors and Intel's Wi-Fi, SSDs, and processors, including the Pentium, Celeron, Atom, and Xeon product lines.
The security issues were discovered and reported thanks to several researchers and organizations, including vulnerability expert Ori Nimron, cybersecurity product developer CyberArk Labs, and several others. Based on AMD's bulletins, any AMD GPU user running Radeon Software version 21.4.1, Radeon Pro Software version 21.Q2 Enterprise driver, or higher, should be up to date and protected from the reported exploits.