Discovering vulnerabilities in software is not an easy thing to do. There are many use cases and states that need to be tested to see a possible vulnerability. Still, security researchers know how to find those and they usually report it to the company that made the software. Today, AMD has disclosed that there is a vulnerability present in the company graphics driver powering the GPUs and making them work on systems. Called CreateAllocation (CVE-2020-12911), the vulnerability is marked with a score of 7.1 in the CVSSv3 test results, meaning that it is not a top priority, however, it still represents a big problem.
“A denial-of-service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS 26.20.15029.27017. A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a guest account, ” says the report about the vulnerability. AMD states that a fix is implemented by simply restarting your computer if a BSOD happens. The company also declares that “confidential information and long-term system functionality are not impacted”. AMD plans to release a fix for this software problem sometime in 2021 with the new driver release. You can read more about it here.
