Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API request to cause an out-of-bounds read, leading to a denial-of-service condition. This vulnerability could be triggered from a guest account.

In accordance with our coordinated disclosure policy, Cisco Talos worked with AMD to disclose this vulnerability. AMD has disclosed this vulnerability and released notes on it but does not plan to have an official patch until Q1 of 2021.

Vulnerability details

AMD ATIKMDAG.SYS D3DKMTCreateAllocation handler denial-of-service vulnerability (TALOS-2020-1119/CVE-2020-12911)

A denial-of-service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS 26.20.15029.27017. A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a guest account.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that this vulnerability affects the AMD ATIKMDAG.SYS driver, version 26.20.15029.27017.

Coverage

The following SNORTⓇ rules from an earlier rule release will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 36214, 36215