AMD Graphics Driver for Windows 10
Bulletin ID: AMD-SB-1000
Potential Impact: Varies by CVE, see descriptions below
Severity: Varies by CVE, see descriptions below
Summary
In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege, denial of service, information disclosure, KASLR bypass, or arbitrary write to kernel memory.
Affected Products
AMD Graphics Driver for Windows 10
CVE Details
CVE |
Severity |
Description |
CVE-2020-12902 |
High |
Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
CVE-2020-12891 |
High |
AMD Radeon Software may be vulnerable to DLL Hijacking through path variable. An unprivileged user may be able to drop its malicious DLL file in any location which is in path environment variable. |
CVE-2020-12892 |
High |
An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. |
CVE-2020-12893 |
High |
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. |
CVE-2020-12894 |
High |
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. |
CVE-2020-12895 |
High |
Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. |
CVE-2020-12898 |
High |
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
CVE-2020-12901 |
High |
Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure. |
CVE-2020-12903 |
High |
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. |
CVE-2020-12900 |
High |
An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. |
CVE-2020-12929 |
High |
Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution. |
CVE-2020-12960 |
High |
AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS). |
CVE-2020-12980 |
High |
An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
CVE-2020-12981 |
High |
An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service. |
CVE-2020-12982 |
High |
An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
CVE-2020-12983 |
High |
An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service. |
CVE-2020-12985 |
High |
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
CVE-2020-12986 |
High |
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service. |
CVE-2020-12962 |
Medium |
Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation. |
CVE-2020-12904 |
Medium |
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. |
CVE-2020-12905 |
Medium |
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure. |
CVE-2020-12964 |
Medium |
A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information. |
CVE-2020-12987 |
Medium |
A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass. |
CVE-2020-12920 |
Medium |
A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck. |
CVE-2020-12899 |
Medium |
Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. |
CVE-2020-12897 |
Medium |
Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass. |
CVE-2020-12963 |
Medium |
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. |
Mitigation
CVE |
AMD Radeon Software Mitigated Version |
AMD Radeon Pro Software for Enterprise First Mitigated Version |
CVE-2020-12894 CVE-2020-12900 CVE-2020-12964 CVE-2020-12980 CVE-2020-12981 CVE-2020-12982 CVE-2020-12983 CVE-2020-12985 CVE-2020-12986 CVE-2020-12987 |
20.7.1 and higher |
21.Q1 Enterprise Driver |
CVE-2020-12893 CVE-2020-12899 CVE-2020-12901 CVE-2020-12902 CVE-2020-12903 CVE-2020-12904 CVE-2020-12905 CVE-2020-12920 CVE-2020-12929 CVE-2020-12962 CVE-2020-12963 CVE-2020-12895 CVE-2020-12898 |
20.11.2 and higher |
21.Q1 Enterprise Driver |
CVE-2020-12897 CVE-2020-12892 |
21.3.1 and higher |
21.Q2 Enterprise Driver |
CVE-2020-12891 CVE-2020-12960 |
21.4.1 and higher |
21.Q2 Enterprise Driver |
Acknowledgement
AMD thanks the following for reporting these issues and engaging in coordinated vulnerability disclosure.
Ori Nimron (@orinimron123) : CVE-2020-12892, CVE-2020-12893, CVE-2020-12894, CVE-2020-12895, CVE-2020-12897, CVE-2020-12898, CVE-2020-12899, CVE-2020-12900, CVE-2020-12901, CVE-2020-12902, CVE-2020-12903, CVE-2020-12904, CVE-2020-12905, CVE-2020-12963, CVE-2020-12964, CVE-2020-12980, CVE-2020-12981, CVE-2020-12982, CVE-2020-12983, CVE-2020-12986, CVE-2020-12987
Eran Shimony of CyberArk Labs: CVE-2020-12892
Lucas Bouillot, of the Apple Media Products RedTeam: CVE-2020-12929
driverThru_BoB 9th: CVE-2020-12960
Rikunj Sindhwad: CVE-2020-12891
Internally found: CVE-2020-12920, CVE-2020-12962
Revisions
| Revision Date | Description |
| 03/04/2024 | Updated the “Acknowledgement” |
| 11/09/2021 | Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.
© 2024 Advanced Micro Devices, Inc. All rights reserved.