AMD “Radeon” Series Graphics Drivers Contained Multiple ‘Severe’ Security Vulnerabilities, Proved Cisco Talos Experts

AMD ATI Radeon graphics card drivers contained multiple security vulnerabilities, reported the Security and Digital Protection team of Cisco. The engineers at Cisco Talos showed how attackers could manipulate the latest AMD ATI drivers to remotely execute arbitrary code and even execute a DDoS attack.

Security engineers at Talos, Cisco’s online security, protection, and threat analysis arm, reported that AMD’s “Radeon” series of graphics drivers contained multiple vulnerabilities. Their ratings range from Severe to Critical, and they allowed attackers to launch multiple forms of attack on victims. Based on the information in the report released by Cisco Talos, it appears that the corporate and professional sectors may have been the primary target for potential attackers. Neither AMD nor Cisco has confirmed any cases of successful exploitation of the security flaws in AMD Radeon graphics drivers. Still, it is highly recommended that AMD graphics card users immediately download the updated and patched drivers.

Cisco Talos Identifies Four Security Vulnerabilities In AMD ATI Radeon Graphics Cards Drivers With Varying Severity Rating:

Cisco Talos disclosed a total of four security flaws. The vulnerabilities were tracked as CVE-2019-5124, CVE-2019-5147, and CVE-2019-5146. Some reports indicate a maximum CVSS 3.0 base score of 9.0. Other reports claim the security flaws were tagged with a CVSS score of 8.6. Either way, the security bugs were severe and needed immediate attention from AMD.

To trigger these out-of-bounds security flaws, an attacker needed to create and deploy a specially crafted, malformed pixel shader. The victim only needed to open the specially crafted shader file in a VMware Workstation 15 guest operating system for the attack to commence. In other words, the attack could be triggered from inside VMware guest user-mode “to cause an out-of-bounds read in the VMWare-vmx.exe process on the host, or theoretically through WEBGL (remote website).”

It is interesting to note that all of the security bugs in the AMD ATI Radeon graphics drivers impacted the AMD ATIDXX64.DLL driver. According to the security engineers, there were three out-of-bounds bugs and one type confusion issue. Cisco’s researchers tested and confirmed these vulnerabilities in AMD ATIDXX64.DLL, version 26.20.13025.10004, running on Radeon RX 550 / 550 Series graphics cards, on VMware Workstation 15 with Windows 10 x64 as the guest VM. The fourth vulnerability impacts the AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002, on the same graphics card series and platform.
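The following PowerShell inventory check is an added example, not code from Cisco Talos or AMD: it locates copies of atidxx64.dll on a Windows host and flags any whose file version matches one of the versions named above. The search locations and the non-zero exit code for fleet tooling are assumptions of this example.

```powershell
# Added example: flag atidxx64.dll copies whose version is named in the article.
# The version strings come from the article; everything else is an assumption.
$ListedVersions = @(
    '26.20.13025.10004',   # three out-of-bounds bugs confirmed on this version
    '26.20.13031.10003',   # fourth vulnerability
    '26.20.13031.15006',
    '26.20.13031.18002'
)

# Assumed locations: System32 itself, plus the driver store (searched recursively).
$system32    = Join-Path $env:SystemRoot 'System32'
$driverStore = Join-Path $system32 'DriverStore\FileRepository'

$candidates  = @()
$candidates += Get-ChildItem -LiteralPath $system32 -Filter 'atidxx64.dll' -File `
                   -ErrorAction SilentlyContinue
$candidates += Get-ChildItem -LiteralPath $driverStore -Filter 'atidxx64.dll' -File `
                   -Recurse -ErrorAction SilentlyContinue

$report = foreach ($file in $candidates) {
    # Build the version from its numeric parts; the FileVersion string can carry
    # extra text on some binaries, which would break an exact comparison.
    $vi      = $file.VersionInfo
    $version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                    $vi.FileBuildPart, $vi.FilePrivatePart
    [pscustomobject]@{
        FileVersion     = $version
        ListedInArticle = $ListedVersions -contains $version
        Path            = $file.FullName
    }
}

if (-not $report) {
    Write-Output 'No atidxx64.dll found in the searched locations.'
    return
}

$report | Sort-Object ListedInArticle -Descending | Format-Table -AutoSize

# ListedInArticle = False only means "not one of the versions the article names";
# it does not prove the driver is patched. A copy in the driver store may also be
# a staged package rather than the driver currently loaded.
if ($report.ListedInArticle -contains $true) { exit 1 }
```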

AMD Patched The Four Security Vulnerabilities In Conjunction With VMware:

After discovering the four security flaws in the AMD ATI Radeon graphics drivers, Cisco Talos engineers alerted the company. According to Cisco, AMD was informed in October and took immediate steps to plug the security flaws.

Cisco Talos further added that the combination of the AMD Radeon drivers for “VMware Workstation” v15.5.1 and v20.1.1 has solved the problem. AMD has yet to update its Security Page with the information. Needless to add, it is concerning that such an update wasn’t publicly released by AMD after it had taken corrective action to plug the security loopholes. These issues might have impacted the corporate and professional sectors.

Alap Naik Desai