AMD Graphics Driver Security Exploits for Windows 10

dencal · 14 Nov 2021

Thanks for info Shawn....Updated.

Phone Man · 14 Nov 2021

I have 21.5.2 which is the latest Legacy driver for my A10-7870K processor with R7 graphics.
I'm good.

Jim

RJARRRPCGP · 15 Nov 2021

Looks like I'm golden, too, with 21.8.2.

andyc56 · 17 Nov 2021

I went to the AMD site and downloaded version 21.10.2 of the driverr, which is the latest as of today, 11/17/2021. I was very pleased to see there was an option in the installer to only install the driver itself. In the past, they had changed their installer, forcing users to install their control app. I was using an old driver from before they started doing that, as I didn't want to install their control app. So the option not to install it was a pleasant surprise.

But then I had a weird experience with Windows Update. I have Windows Update configured in Group Policy Editor as follows:

Configure Automatic Updates: Disabled
Select when Preview Builds and Feature Updates are received: Enabled
Select when Quality Updates are received: Enabled
Manage preview builds: Enabled

These settings are there because I have an HTPC with an oddball USB sound device, whose manufacturer often lags in their official support of the latest Windows 10 version by several months. Once they announce compatibility, I upgrade all my machines at once manually.

Yesterday, I checked for manual updates and it automatically downloaded an AMD video driver, version 27.20.11044.7, which is dated in 2020, so it's older than the most recent one I previously installed. I had to reinstall 21.10.2 again. I went to look for how to disable automatic driver download and install, and found this article that shows how to do so using the Control Panel. I did that, and re-checked Windows Update. It installed the old AMD driver again, meaning that the Control Panel technique didn't work. Annoyed, I reinstalled 21.10.2 again. This time, I looked up another article that showed how to disable automatic driver update using Group Policy Editor. I did that, then rebooted, then checked Windows Update again. This time, it correctly prevented the automatic video driver update.

So either the Control Panel technique just doesn't work at all, or I needed to reboot after using it.

CVE	Severity	Description
CVE-2020-12902	High	Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12891	High	AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable.
CVE-2020-12892	High	An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.
CVE-2020-12893	High	Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.
CVE-2020-12894	High	Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.
CVE-2020-12895	High	Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service.
CVE-2020-12898	High	Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12901	High	Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.
CVE-2020-12903	High	Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.
CVE-2020-12900	High	An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.
CVE-2020-12929	High	Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution.
CVE-2020-12960	High	AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).
CVE-2020-12980	High	An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12981	High	An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.
CVE-2020-12982	High	An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12983	High	An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service.
CVE-2020-12985	High	An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
CVE-2020-12986	High	An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.
CVE-2020-12962	Medium	Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.
CVE-2020-12904	Medium	Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.
CVE-2020-12905	Medium	Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.
CVE-2020-12964	Medium	A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.
CVE-2020-12987	Medium	A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass.
CVE-2020-12920	Medium	A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck
CVE-2020-12899	Medium	Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.
CVE-2020-12897	Medium	Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.
CVE-2020-12963	Medium	An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.

CVE	AMD Radeon Software Mitigated Version	AMD Radeon Pro Software for Enterprise First Mitigated Version
CVE-2020-12894 CVE-2020-12900 CVE-2020-12964 CVE-2020-12980 CVE-2020-12981 CVE-2020-12982 CVE-2020-12983 CVE-2020-12985 CVE-2020-12986 CVE-2020-12987	20.7.1 and higher	21.Q1 Enterprise Driver
CVE-2020-12893 CVE-2020-12899 CVE-2020-12901 CVE-2020-12902 CVE-2020-12903 CVE-2020-12904 CVE-2020-12905 CVE-2020-12920 CVE-2020-12929 CVE-2020-12962 CVE-2020-12963 CVE-2020-12895 CVE-2020-12898	20.11.2 and higher	21.Q1 Enterprise Driver
CVE-2020-12897 CVE-2020-12892	21.3.1 and higher	21.Q2 Enterprise Driver
CVE-2020-12891 CVE-2020-12960	21.4.1 and higher	21.Q2 Enterprise Driver