AMD reveals an Epyc 50 flaws – 23 of them rated high severity. Intel has 25 bugs, too
Think of an attack – DoS, arbitrary code execution, memory corruption – and one of these vulns allows it
Microsoft may have given us a mere 55 CVEs to worry about on November's Patch Tuesday, but AMD and Intel have together topped that number with fixes for their products.
AMD alone revealed 50 new CVE-listed bugs this week, 23 of them rated of "high" concern, meaning they're rated at between 7.0 and 8.9 on the Common Vulnerability Scoring System.
Let's start with the 27 flaws in the AMD Graphics Driver for Windows 10 – 18 of them rated high – because at least they're in software and Microsoft and Adobe's patch cadence means readers could be in the mood to update their installations.
Detailed here, the flaws allow escalation of privilege, denial of service, the ability for an unprivileged user to drop malicious DLL files onto a system, unauthorized code execution, memory corruption, and information disclosure.
In its acknowledgements to those who found the bugs, AMD hat-tips a chap named Lucas Bouillot, of the Apple Media Products RedTeam. So now we know Apple has that team.
AMD's Epyc processors – all three generations of 'em – have 22 flaws, four of them rated high. Those flaws, and AMD's descriptions of them, are:
- CVE-2020-12954 – A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
- CVE-2020-12961 – A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.
- CVE-2021-26331 – AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.
- CVE-2021-26335 – Improper input and range checking in the Platform Security Processor (PSP) boot loader image header may allow for an attacker to use attack-controlled values prior to signature validation potentially resulting in arbitrary code execution.
AMD's μProf Tool has but a single flaw, the high-rated CVE-2021-26334 that "may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user."
- Palo Alto Networks patches 9.8 severity CVE in popular GlobalProtect product
- These couldn't wait for Patch Tuesday: Adobe issues bonus fixes for 92 security holes in 14 products
- We regret to inform you there's an RCE vuln in old version of WinRAR. Yes, the file decompression utility
- Cisco warns 'unintentional debugging credential' left in some network switches can be abused to hijack equipment
Intel has also revealed product vulnerabilities – 25 of them. Chipzilla issues its own IDs for flaws, and groups multiple CVEs beneath them.
Those rated High include:
- INTEL-SA-00509 – which includes 10 CVEs in Intel WiFi products, allowing escalation of privilege, denial of service, and information disclosure
- INTEL-SA-00535 – a single CVE (CVE-2021-0148) that impacts multiple Intel solid state disks. "Insertion of information into log file in firmware … may allow a privileged user to potentially enable information disclosure via local access," states Intel's advisory.
- INTEL-SA-00528 – an escalation of privilege flaw in Pentium, Celeron, and Atom silicon
- INTEL-SA-00562 – Bad BIOS may allow escalation of privileges in 10 types of Intel CPU ranging from this year's Xeons to Core CPUs from 2016, and even some 2013 Celerons
The Register suggests paying attention to Intel's bug list because its warnings touch on many, and very common, products such as Bluetooth, Ethernet drivers, and Thunderbolt. ®