AMD admits that its new driver update packages for Windows are becoming a 'shooting target' of hackers

The company says these vulnerabilities make its driver packages vulnerable to a variety of malicious exploits that can seriously affect the overall security state of the system, including:

1. Escalation of privileges
2. Denial of service
3. Leaking information
4. Skip KASLR
5. Arbitrary writes to kernel memory

The image below shows a list of designated CVE IDs that correspond to the malicious exploit that has been reported by AMD related to its driver update packages, with a brief description and threat level. that they cause.

In fact, the majority of the above-mentioned vulnerabilities were discovered and reported by third-party security researchers. In which, Ori Nimron (Twitter username @orinimron123) is the white hat hacker with the largest contribution. AMD said that the company has been gradually rolling out patches for known vulnerabilities through additional graphics driver updates. The most recent update with code 21.4.1, also a major 2020-21 driver update for Radeon graphics cards, not only comes with patches, but also brings a lot of new features as well as improvements. improve the stability in the operation of the hardware.

It is quite a coincidence that Intel is also struggling with the same situation. That's because Intel built its Kaby Lake G SKUs using AMD's Vega graphics. Therefore, 'Team Blue' also had to rush to release new graphics driver version 21.10.03.11 for the Kaby Lake G series to fix the problem, despite the product line being discontinued (EOL) quite a while ago.

In addition to the bugs noted by AMD, Intel also added one more bug discovered and tracked by themselves with the identifier "CVE-2021-33105". More information can be found on Intel's website.

Lesley Montoya

Update 14 November 2021