A hot potato: Graphics driver updates from GPU hardware manufacturers are usually received with a healthy dose of excitement and skepticism. Some users look forward to the potential game and application support, functionality, or pure FPS that a new package can offer. Others are reluctant to take the plunge, fearing that the release might cause more problems than it solves. The latest security bulletins from AMD have now shown the importance of keeping your Radeon drivers updated to support both security and graphics capabilities.
The latest set of Common Vulnerabilities and Exposures (CVEs) published by Team Red covers 27 driver-level security outcomes, including 18 high-severity vulnerabilities. Unintentional escalation of permissions, DLL hijacking and arbitrary code execution are among the problems caused by the security vulnerabilities. Malicious actors who take advantage of these exploits can have effects on the user ranging from compromised information to complete data loss.
Fortunately for AMD Radeon users, many of these issues were addressed in the company’s latest driver releases. Starting with the Radeon 20.7.1 and Radeon 21.Q1 Enterprise driver packages, AMD has successfully mitigated most of these security issues, including all 18 high severity CVEs. These versions, and their ability to address related security concerns, provide a great argument for end users to review and consider driver updates that are not based solely on efficient data and image processing by their GPUs.
Recently discovered vulnerabilities are not limited to AMD’s Radeon line of products. The registry highlights more than 70 vulnerabilities spanning all generations of AMD’s EPYC processors and Intel’s Wi-Fi, SSDs and processors, including the Pentium, Celeron, Atom and Xeon product lines.
The security issues were discovered and reported thanks to several researchers and organizations including vulnerability expert Ori Nimron, cybersecurity product developer CyberArk Labs, and several others. Based on AMD bulletins, every AMD GPU user with Radeon Software Version 21.4.1, Radeon Pro Software Version 21.Q2 Enterprise Driver or higher should be up to date and protected from the reported exploits.