“After a comprehensive analysis of AMD Escape commands, we found a set of weaknesses in several APIs. These weaknesses make the system vulnerable to privilege escalation, denial-of-service attacks and denial-of-service attacks. services, disclosing information, bypassing KASLR, or writing arbitrary code to memory,” AMD stated in the security advisory published this week. The vulnerabilities were discovered by independent security researcher, Ori Nimron (Twitter username @orinimron123), Eran Shimony of CyberArk Labs, Lucas Bouillot, of the Apple Media Products RedTeam and driverThru_BoB 9th. AMD has successfully addressed most of the vulnerability issues, including all 18 high severity CVEs with the Radeon 20.7.1 and Radeon 21.Q1 Enterprise driver packages. The completed list of the patched vulnerabilities are as follows:
Ori Nimron (@orinimron123): CVE-2020-12892, CVE-2020-12893, CVE-2020-12894, CVE-2020-12895, CVE-2020-12897, CVE-2020-12898, CVE-2020-12899, CVE -2020-12900, CVE-2020-12901, CVE-2020-12902, CVE-2020-12903, CVE-2020-12904, CVE-2020-12905, CVE-2020-12963, CVE-2020-12964, CVE-2020 -12980, CVE-2020-12981, CVE-2020-12982, CVE-2020-12983, CVE-2020-12986, CVE-2020-12987 Eran Shimony of CyberArk Labs: CVE-2020-12892 Lucas Bouillot, of the Apple Media Products RedTeam: CVE-2020-12929 driverThru_BoB 9th: CVE-2020-12960