Tuesday, October 13, 2020

Vulnerability Spotlight: Denial of service in AMD ATIKMDAG.SYS driver

  

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API request to cause an out-of-bounds read, leading to a denial-of-service condition. This vulnerability could be triggered from a guest account.

In accordance with our coordinated disclosure policy, Cisco Talos worked with AMD to disclose this vulnerability and ensure an update is available

Vulnerability details

AMD ATIKMDAG.SYS D3DKMTescape handler denial-of-service vulnerability (TALOS-2020-1102/CVE-2020-12933)

A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS 26.20.15029.27017. A specially crafted D3DKMTEscape request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from guest account.

Read the complete vulnerability advisory here for additional information. 


Versions tested

Talos tested and confirmed that this vulnerability affects the AMD ATIKMDAG.SYS driver, version 26.20.15029.27017.


Coverage

The following SNORTⓇ rules from an earlier rule release will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 54465, 54466

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.