If your PC uses a Radeon GPU and is prone to the dreaded "Blue Screen of Death" (BSOD) error, the cause may be in the graphics driver. More specifically, it is a denial of service vulnerability that will not be fixed until some time next year. [Security researchers at Cisco discovered this security flaw and noted that it is "caused by executing the D3DKMTCreateAllocation function with incorrect data. This leads to an out-of-bounds read vulnerability in the AMD ATIKMDAG.SYS driver. [An attacker could then exploit the out-of-bounds read to cause a denial of service and crash the PC with a BSOD. It could also be triggered by an unprivileged (called guest) account.
This particular vulnerability has a Common Vulnerability Scoring System (CVSS) rating of 7.1 on a scale of 0 to 10, with 10 being the most severe. AMD has not been able to confirm Cisco's public announcement and the BSOD that would occur. acknowledged the possibility, but stated that it believes "sensitive information and long-term functionality will not be affected." In other words, it appears to be a potential nuisance rather than a serious security threat.
AMD also put on its Captain Obvious hat and said that affected users "can fix the problem by restarting their computers. If your PC isn't already set up to automatically reboot after a crash, as opposed to staring at a BSOD forever, then you're not going to be able to fix the problem.
AMD plans to provide a more permanent fix through a future graphics driver update in the first quarter of 2021.
Comments