[TPU] AMD Quietly Patched Four Major GPU Security Vulnerabilities with Radeon 20.1.1 Drivers - Page 2 - Overclock.net - An Overclocking Community
post #11 of 25 (permalink) Old 01-27-2020, 10:17 AM
Quote: Originally Posted by WannaBeOCer View Post
Unlike Intel/nVidia, AMD didn't add to their driver release notes that these vulnerabilities were patched. What's the point of patching the vulnerability if you're not going to tell the affected users.

Wonder what else they are hiding with their lack of transparency?

smilinjohn is offline  
post #12 of 25 (permalink) Old 01-27-2020, 11:17 AM
It's pretty annoying that they don't mention it in the release notes. I use the release notes to decide if I should take the chance on updating the driver, since I don't use my RVII on a gaming machine there is rarely any reason for me to update outside of security patches and bug fixes.

Why wouldn't they state that they patched a security hole? If someone figured out that they fixed then the vulnerability was known, if it's known then patching it would be good news..... right? Glossing over a patch for an unknown vulnerability makes some sort of damage control sense, but hiding that they fixed a known problem?

bigjdubb is offline  
post #13 of 25 (permalink) Old 01-27-2020, 12:17 PM
Quote: Originally Posted by bigjdubb View Post
It's pretty annoying that they don't mention it in the release notes. I use the release notes to decide if I should take the chance on updating the driver, since I don't use my RVII on a gaming machine there is rarely any reason for me to update outside of security patches and bug fixes.

Why wouldn't they state that they patched a security hole? If someone figured out that they fixed then the vulnerability was known, if it's known then patching it would be good news..... right? Glossing over a patch for an unknown vulnerability makes some sort of damage control sense, but hiding that they fixed a known problem?
I believe none of them include any security patches in the release notes. Instead, they release security bulletins like these . . .

https://www.amd.com/en/corporate/product-security

https://www.nvidia.com/en-us/security/

The difference between the two is nVidia puts out the info through other media.

rdr09 is offline  
post #14 of 25 (permalink) Old 01-27-2020, 12:32 PM - Thread Starter
Quote: Originally Posted by rdr09 View Post
I believe none of them include any security patches in the release notes. Instead, they release security bulletins like these . . .

https://www.amd.com/en/corporate/product-security

https://www.nvidia.com/en-us/security/

The difference between the two is nVidia puts out the info through other media.
nVidia and Intel both include vulnerability information in their driver release notes. AMD didn't update that until today after the press blasted them for quietly patching it.

https://us.download.nvidia.com/Windo...ease-notes.pdf

Quote:
This section describes additional actions to take to mitigate specific known security issues.

Restricting/Enabling Access to GPU Performance Counters

The NVIDIA graphics driver contains a vulnerability (CVE-2018-6260) that may allow access to
application data processed on the GPU through a side channel exposed by the GPU performance
counters. GPU performance counters are needed by developers in order to use NVIDIA developer
tools such as CUPTI, Nsight Graphics, and Nsight Compute. In order to address CVE-2018-6260
the driver (starting with version 419.67) automatically disables access for non-admin users.

For more information about CVE-2018-6260 visit the NVIDIA Security Bulletin 4772.

WannaBeOCer is online now  
post #15 of 25 (permalink) Old 01-27-2020, 01:41 PM
Quote: Originally Posted by WannaBeOCer View Post
nVidia and Intel both include vulnerability information in their driver release notes. AMD didn't update that until today after the press blasted them for quietly patching it.

https://us.download.nvidia.com/Windo...ease-notes.pdf

I must have missed it. What page exactly?

rdr09 is offline  
post #16 of 25 (permalink) Old 01-27-2020, 01:50 PM - Thread Starter
Quote: Originally Posted by rdr09 View Post
I must have missed it. What page exactly?
Page 18

WannaBeOCer is online now  
post #17 of 25 (permalink) Old 01-27-2020, 05:47 PM
I guess AMD was hoping people won’t notice so as not to tarnish their image. While some might vocally criticize them for this, I imagine a good number would just let this slide because it’s AMD. If this was Intel/nVidia, then it would have been a near total-bashfest.

jologskyblues is online now  
post #18 of 25 (permalink) Old 01-27-2020, 06:34 PM
Lol at the people posting on here.
Every company patches security vulnerabilities such as these ones in private with no patch notes while they are still in the private patching window.
The whole point of keeping them private with no patch notes is so the people that are going to try and exploit it keep wasting time working on that exploit instead of trying to work on a new one.
Bringing it to the public's attention is really doing everyone a disservice but I guess people just love attacking AMD.


bmgjet is offline  
post #19 of 25 (permalink) Old 01-27-2020, 06:40 PM
Some of us have hardware that isn't supported anymore.

Just updated my NAS build HP 8200 with a new old stock HD 5450M MXM video card. Had no choice as my CPU's IGP was producing all sorts of weird artifacting.

Quote: Originally Posted by SystemTech View Post
I'm with you on that. Good on them for patching it before the media got hold of it.

Often when an exploit is found, the manufacturer is contacted and given a grace period to patch it before the exploit is made public.
If you can patch it in that timeframe, great. I think that's largely where Intel have been failing and therefore gaining massive negative press (and the fact that the fixes reduce performance by a truck ton).
The patches absolutely demolished the performance of my i5-2320. Both transcoding performance for Plex and the IGP's ability to do basically anything were cut way down. And here I was thinking an i5 would be enough for a simple NAS. Lol.

I've been an Intel user from the Pentium 4 days but AMD is certainly looking like the better option for most of us.

Quis custodiet ipsos custodes?


speed_demon is online now  
post #20 of 25 (permalink) Old 01-27-2020, 07:10 PM
Quote: Originally Posted by speed_demon View Post
I've been an Intel user from the Pentium 4 days but AMD is certainly looking like the better option for most of us.

I've been an Intel customer for years too, and I agree that AMD is starting to close the performance and price gap, making them look like a viable option in the future. However, one thing that concerns me with AMD at the moment is the reports of wonky driver support I've been reading, especially on here. At least right now with my 9900k if something starts to act weird in my machine I'm pretty certain that it was a Windows update that caused it; throw in questionable drivers from the chip manufacturer into the mix and I'm not as willing to give AMD a chance. But hopefully AMD will get those hitches out of their get along before my next build, if they are making progress then maybe.

smilinjohn is offline  