Just recently, AMD listed two security holes on its product security page and warned that one of the two holes could lead to system incompatibilities and so-called blue screens of death in the adrenaline graphics driver with the help of certain requirements could. The overclocking tool Ryzen Master was also affected by the security breach, but has already been fixed via an update from AMD. Cisco Talos Sourcefire Vulnerability Research Team recently identified CVE vulnerabilities – 2020 – 12911 in the ATIKMDAG.SYS of the ATI Kernel Mode Driver Package and in the OC and monitoring tool Ryzen Master CVE – 2020-12928 found. In this regard, the network equipment supplier Cisco said:

“ This vulnerability can be triggered by executing the D3DKMTCreateAllocation function with malformed data. This leads to an out-of-bounds read vulnerability in AMD ATIKMDAG.SYS driver.

An attacker can influence the read address for the movzx operation by modifying the payload for the D3DKMTCreateAllocation function, potentially leading to an out-of-bound read vulnerability and denial of service “.

While the Ryzen master problem as already mentioned with version 2.2.0. 1543 was closed and in the meantime even the latest version 2.3.0. 1591 is available, the driver security problem is still not there fixed and, according to security experts, can still allow attackers to exploit the vulnerability via a targeted attack via API query of the D3DKMTCreateAllocation. According to AMD, a corresponding bug fix can be expected in the first quarter 2021.