Thursday, October 8th 2020

AMD Graphics Drivers Have a CreateAllocation Security Vulnerability

Discovering vulnerabilities in software is not easy: many use cases and states have to be exercised before a flaw shows itself. Still, security researchers know how to find them, and they usually report them to the company that made the software. Today, AMD disclosed a vulnerability in the company's graphics driver, the software that powers its GPUs and makes them work on a system. Called CreateAllocation (CVE-2020-12911), the vulnerability carries a CVSSv3 score of 7.1, meaning that it is not a top priority; however, it still represents a big problem.

"A denial-of-service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS 26.20.15029.27017. A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a guest account," says the report about the vulnerability. AMD's stated temporary fix is simply to restart the computer if a BSOD happens. The company also declares that "confidential information and long-term system functionality are not impacted". AMD plans to release a fix for this software problem sometime in 2021 with a new driver release. You can read more about it here.
Sources: AMD, Talos Intelligence
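The advisory names one driver file and one build, so the first thing an administrator wants to know is which build is actually installed. The PowerShell below is an added example, not code from the article, AMD or Talos: it reports the AMD display driver version Windows itself sees and every atikmdag.sys found on disk, and compares each with the build quoted above. The two search roots are assumptions about the usual Windows driver locations.

```powershell
# Added example, not from the article, AMD or Talos: report the AMD display
# driver version Windows sees and every atikmdag.sys on disk, and compare each
# with the build the advisory names. The search roots below are assumptions
# about the usual Windows driver locations.
$AdvisoryVersion = [version]'26.20.15029.27017'   # build quoted in the Talos report

function Compare-ToAdvisory {
    param([Parameter(Mandatory)][version]$Installed)
    # Talos names a single build; the article does not say which other builds
    # are affected, so older builds are flagged for review rather than judged.
    if ($Installed -eq $AdvisoryVersion) { return 'MatchesAdvisory' }
    if ($Installed -lt $AdvisoryVersion) { return 'OlderThanAdvisory (review)' }
    return 'NewerThanAdvisory'
}

function ConvertTo-Version {
    param([string]$Text)
    # File version strings may use commas or carry a trailing tag; keep the
    # leading dotted number and return $null if it does not parse.
    $v = ($Text -replace ',', '.').Split(' ')[0]
    try { return [version]$v } catch { return $null }
}

# 1. The driver version as Plug and Play reports it for AMD display adapters.
Get-CimInstance Win32_PnPSignedDriver |
    Where-Object { $_.DeviceClass -eq 'DISPLAY' -and $_.Manufacturer -match 'AMD|Advanced Micro Devices' } |
    ForEach-Object {
        $v = ConvertTo-Version $_.DriverVersion
        $status = if ($v) { Compare-ToAdvisory $v } else { 'Unparsed' }
        [pscustomobject]@{ Source = 'PnP'; Item = $_.DeviceName; Version = $v; Status = $status }
    }

# 2. Every copy of atikmdag.sys under the usual driver paths, by file version.
$roots = "$env:SystemRoot\System32\drivers",
         "$env:SystemRoot\System32\DriverStore\FileRepository"
Get-ChildItem -Path $roots -Filter 'atikmdag.sys' -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $v = ConvertTo-Version $_.VersionInfo.FileVersion
        $status = if ($v) { Compare-ToAdvisory $v } else { 'Unparsed' }
        [pscustomobject]@{ Source = 'File'; Item = $_.FullName; Version = $v; Status = $status }
    }
```

Run it from an elevated prompt so the DriverStore is readable; a host showing MatchesAdvisory is the case the article describes, and the result is easiest to correlate with the BSOD reports mentioned in the comments when run across a fleet.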

12 Comments on AMD Graphics Drivers Have a CreateAllocation Security Vulnerability

#1
hellrazor
So the driver tries to read memory it's not supposed to and then segfaults the way it's supposed to. I'm not saying it isn't a bug, but I feel like there are easier ways to go about crashing a system.
#2
Sihastru
AMD states that a fix is implemented by simply restarting your computer if a BSOD happens.
Have you tried turning it off and on again?
#3
arbiter
Sihastru
Have you tried turning it off and on again?
And the fix won't be for months, so many turning it off and on agains? Anywhere from 2 months to 14 months.
AMD plans to release a fix for this software problem sometime in 2021 with the new driver release.
#4
theoneandonlymrk
arbiter
And the fix won't be for months, so many turning it off and on agains? Anywhere from 2 months to 14 months.
Has it been exploited, is it prevalent, why has my Vega run without BSOD for two years if it has been?
#5
ShurikN
AMD states that a temporary fix is implemented by simply restarting your computer if a BSOD happens.
:laugh:
What else are you gonna do if a BSOD happens...
#6
Kohl Baas
ShurikN
:laugh:
What else are you gonna do if a BSOD happens...
Try Ctrl+Alt+Kick... :laugh:
#7
Steevo
They coming to steal your texture caches and your color data, lock your computer!!
#8
R-T-B
theoneandonlymrk
Has it been exploited, is it prevalent, why has my Vega run without BSOD for two years if it has been?
Jumping straight to the defense, I see.

To answer your questions in order, probably somewhere, no not at all, and who the feck knows or cares?
#9
GoldenX
I'm not sure what the point of this is. You can force a BSOD with any GPU driver if you trigger the right feature or extension in the wrong way.
Hell, just call a compute shader and write trash on occupied VRAM, instant BSOD.
#10
theoneandonlymrk
R-T-B
Jumping straight to the defense, I see.

To answer your questions in order, probably somewhere, no not at all, and who the feck knows or cares?
Just toeing the typical line; I would say the same thing for Xe or Ampere.
#11
RJARRRPCGP
That's the same bugcheck code as RAM corruption, like loss of RAM stability. :(

Good to know, or else I would have thought that I have a RAM problem.
#12
MadsMagnus
Honestly, compared to the NV driver stack, the ATI-based counterparts are a bit of an atrocity. Not that the drivers aren't good, they can work with no issues, but when you delve into the package payload, the amount of CCC.exe remnants that exist is still too much. The drivers don't even have a silent-install flag, because they call on so many processes. It's sad.