AMD has resolved a long list of security vulnerabilities found in its graphics driver for Windows 10 devices, permitting threat actors to run arbitrary code and raise the privileges on vulnerable systems. The probable impact and the bugs’ severity vary, with AMD tagging more than a dozen flaws as high severity.

“In a extensive research of the AMD Escape calls, a probable set of weakness in several APIs was founded, which could result in escalation of privileges, denial of service, data disclosure, KASLR bypass, or arbitrary write to kernel memory,” AMD explained.

The complete list of patched flaws includes:

• CVE-2020-12892, CVE-2020-12893, CVE-2020-12894, CVE-2020-12895, CVE-2020-12897, CVE-2020-12898, CVE-2020-12899, CVE-2020-12900, CVE-2020-12901, CVE-2020-12902, CVE-2020-12903, CVE-2020-12904, CVE-2020-12905, CVE-2020-12963, CVE-2020-12964, CVE-2020-12980, CVE-2020-12981, CVE-2020-12982, CVE-2020-12983, CVE-2020-12986, CVE-2020-12987
• CVE-2020-12892
• CVE-2020-12929
• CVE-2020-12960

An AMD insides person was not available to facilitate a disclosure timeline when contacted by our security researchers.

AMD EPYC Server Processor Bug Fixes

Recently AMD also patched medium and high severity security flaws affecting the company’s 1st/2nd/3rd Gen AMD EPYC server processors that could lead to arbitrary code execution, bypassing SPI ROM protections, loss of integrity, denial of service, information disclosure, and more.

“During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages,” AMD said.

The company also addressed an improper access control vulnerability (CVE-2021-26334) found by Michal Poslušný from ESET Research in the AMDPowerProfiler.sys driver of the AMD μProf tool. AMD μProf is a performance analysis utility that can be used to inspect Windows, Linux, and FreeBSD applications.

Successful exploitation of this flaw would allow attackers without enough privileges to gain access to kernel model-specific registers, which leads to privilege escalation and ring-0 code execution that gives the attacker full control over the vulnerable system  

When are Windows 11 Performance issues Addressed?

At the start of October, right after Windows 11 started rolling out, AMD has also alerted significant performance hits on Windows 11 compatible AMD processors, which included the latest Ryzen CPUs when utilizing some of the Applications.

One of the compatibility issues led to increased measured and functional L3 cache latency which had a direct impact on the access time to the memory subsystem for some apps.

While for some of the affected apps the expected performance impact was between 3 to 5%, for eSports games AMD said that customers could see a performance decrease of 10-15% on Windows 11. The AMD CPU issues were addressed two weeks later with the optional KB5006746 cumulative update preview for Windows 11 released on October 21.

“Addresses an L3 caching issue that might affect performance in some applications on devices that have AMD Ryzen processors after upgrading to Windows 11 (original release),” Microsoft explained in the release notes.