AMD confirms its Windows driver was at the mercy of hackers due to a dozen security exploits

Demo image of a rootkit malware in a CPU
via Sophos

AMD has published a long list of security bugs and exploits that its Windows 10 graphics drivers were vulnerable to. The company says these vulnerabilities made its driver susceptible to the following malicious attacks that include:

  • Escalation of privilege
  • Denial of service
  • Information disclosure
  • KASLR bypass
  • Arbitrary write to kernel memory

The image below shows the CVE IDs assigned to these exploits, a short description, and the level of threat they posed.

List of AMD GPU driver vulnerabilities on Windows 10

AMD was made aware of these bugs by security researchers among whom, Ori Nimron (Twitter username @orinimron123) made the biggest contribution. The company states it gradually patched these exploits with graphics driver updates, the most recent one being the 21.4.1 driver which was the 2020-21 mega driver update for Radeon that brought in a ton of new features as well lower power draw. You can find more details on AMD’s official announcement here.

Curiously, Intel too got stuck in this situation since the company built its Kaby Lake G SKUs using AMD’s Vega graphics. As such, Team Blue had to release a new graphics driver version for Kaby Lake G even though it was already announced as an End-of-Life (EOL) product earlier.

Aside from the bugs already noted by AMD, Intel also adds one more by itself dubbed “CVE-2021-33105”. More details can be found on Intel’s official page.