[TPU] AMD Quietly Patched Four Major GPU Security Vulnerabilities with Radeon 20.1.1 Drivers - Overclock.net - An Overclocking Community
post #1 of 25 (permalink) Old 01-25-2020, 09:38 PM - Thread Starter
sudo apt install sl
 
Join Date: Dec 2009
Posts: 6,077
Rep: 185 (Unique: 128)

Source: https://www.techpowerup.com/263237/a...20-1-1-drivers

Quote:
If you haven't updated your AMD Radeon drivers in a while, here's one major reason to. The company secretly patched four major security vulnerabilities affecting Radeon GPUs, in its recent Adrenalin 20.1.1 drivers, with no mention of doing so in its changelog. Talos Intelligence reports four vulnerabilities, which are chronicled under CVE-2019-5124, CVE-2019-5146, CVE-2019-5147 and CVE-2019-5183. This class of attacks exploits a vulnerability in the AMD Radeon driver file ATIDXX64.dll, which can lead to denial of service or even remote code execution. What makes things much more serious is that this attack vector can be used to exploit the host machine from a VM (tested with VMware). It even seems possible to trigger the vulnerability from a web page, through WebGL (which allows running 3D applications on a remote website). The vulnerabilities were tested on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guest VM, but there is no reason to assume that the issue is limited to just RX 550 as the AMD shader compiler shares a common code basis for all recent DirectX 12 GPUs.

All four vulnerabilities have been patched with Adrenalin 20.1.1 drivers. AMD rival NVIDIA also battles security vulnerabilities in secret, but the company tends to be more transparent in mentioning vulnerabilities patched in its driver release notes. AMD's release notes for 20.1.1, in contrast, omit any mention of the vulnerabilities, so most people aren't even aware that they should update their drivers to fix a security issue.

WannaBeOCer is online now  
post #2 of 25 (permalink) Old 01-25-2020, 09:53 PM
Not a linux lobbyist
 
rluker5's Avatar
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 1,968
Rep: 51 (Unique: 38)
I just rolled back drivers today to get my Windows Mixed Reality headset to work :/
And crashing with older graphics drivers is apparently a symptom of potentially being hacked now?
At least they have a patch so you can crash with a sense of peace and security.

rluker5 is online now  
post #3 of 25 (permalink) Old 01-25-2020, 10:00 PM
New to Overclock.net
 
Join Date: Mar 2019
Posts: 23
Rep: 0
They're up to 20.1.3.
shotround is offline  
post #4 of 25 (permalink) Old 01-26-2020, 04:29 AM
New to Overclock.net
 
Liranan's Avatar
 
Join Date: Nov 2010
Location: Soviet China... Oh wait..
Posts: 8,766
Rep: 616 (Unique: 300)
Now they need to fix their OpenCL drivers so they don't cause problems with BOINC projects.

Liranan is offline  
post #5 of 25 (permalink) Old 01-26-2020, 04:33 AM
New to Overclock.net
 
CoD511's Avatar
 
Join Date: Jan 2012
Location: Western Australia
Posts: 358
Rep: 15 (Unique: 13)
Is it just me, or, considering the rather extreme nature of potential exploits from these vulnerabilities, should AMD be ensuring their userbase is actually aware that they need to update and patch to a later driver? Even to a hotfix that addresses security issues.

CoD511 is offline  
post #6 of 25 (permalink) Old 01-26-2020, 08:57 AM
curmudgeon
 
miklkit's Avatar
 
Join Date: Apr 2013
Posts: 5,865
Rep: 307 (Unique: 178)
Huh. All I know is I got a nice bump in performance with the 20.1.1 drivers.

miklkit is offline  
post #7 of 25 (permalink) Old 01-26-2020, 08:47 PM
Adclock.net
 
Rayleyne's Avatar
 
Join Date: May 2011
Location: Australia
Posts: 3,743
Rep: 144 (Unique: 129)
Am I the only one that doesn't care how they are patched so long as they are patched?

Rayleyne is offline  
post #8 of 25 (permalink) Old 01-26-2020, 09:31 PM
LTSC Consiglieri
 
skupples's Avatar
 
Join Date: Apr 2012
Location: Fort Lauderdale
Posts: 22,325
Rep: 648 (Unique: 349)
Quote: Originally Posted by Rayleyne View Post
Am I the only one that doesn't care how they are patched so long as they are patched?
It's just funny to see them slide it in, while others were getting hammered with bad press.

Everyone and their mother patched extreme vulnerabilities, starting two Tuesdays ago.

Seems it's a net win, perf-wise. Everything of mine is running post Win7 death. Only downside was getting LTSC forced onto 1809.

skupples is online now  
post #9 of 25 (permalink) Old 01-27-2020, 07:19 AM
Mining the DB
 
SystemTech's Avatar
 
Join Date: Jun 2009
Location: Ottawa Canada
Posts: 2,328
Rep: 118 (Unique: 102)
Quote: Originally Posted by Rayleyne View Post
Am I the only one that doesn't care how they are patched so long as they are patched?
I'm with you on that. Good on them for patching it before the media got hold of it.

Often when an exploit is found, the manufacturer is contacted and given a grace period to patch it before the exploit is made public.
If you can patch it in that timeframe, great. I think that's largely where Intel have been failing and therefore gaining massive negative press (and the fact that the fixes reduce performance by a truck ton).

SystemTech is offline  
post #10 of 25 (permalink) Old 01-27-2020, 08:02 AM - Thread Starter
sudo apt install sl
 
Join Date: Dec 2009
Posts: 6,077
Rep: 185 (Unique: 128)
Quote: Originally Posted by SystemTech View Post
I'm with you on that. Good on them for patching it before the media got hold of it.

Often when an exploit is found, the manufacturer is contacted and given a grace period to patch it before the exploit is made public.
If you can patch it in that timeframe, great. I think that's largely where Intel have been failing and therefore gaining massive negative press (and the fact that the fixes reduce performance by a truck ton).
Unlike Intel/nVidia, AMD didn't add to their driver release notes that these vulnerabilities were patched. What's the point of patching the vulnerability if you're not going to tell the affected users?

WannaBeOCer is online now  