• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMD Quietly Patched Four Major GPU Security Vulnerabilities with Radeon 20.1.1 Drivers

Joined
Nov 20, 2012
Messages
422 (0.10/day)
Location
Hungary
System Name masina
Processor AMD Ryzen 5 3600
Motherboard ASUS TUF B550M
Cooling Scythe Kabuto 3 + Arctic BioniX P120 fan
Memory 16GB (2x8) DDR4-3200 CL16 Crucial Ballistix
Video Card(s) Radeon Pro WX 2100 2GB
Storage 500GB Crucial MX500, 640GB WD Black
Display(s) AOC C24G1
Case SilentiumPC AT6V
Power Supply Seasonic Focus GX 650W
Mouse Logitech G203
Keyboard Cooler Master MasterKeys L PBT
Software Win 10 Pro
right... and you are complaining about it in a thread that informs you about the fixed vulnerabilities while you have a 1060 in your system specs.. makes a lot of sense.. in some universe.

What has this anything to do fit the fact that I have a GTX 1060 in my rig?
Me owning a GeForce card makes my statement somehow less true?
If I were using an RX 580 then my opinion on the matter would turn magically valid? I'm confused. :confused:


Were there security holes? Yes.
Were they in the release notes? No.
Did they fix them? Yes.
Would you had known to update for security problems you didn't even know you had? Double No.

So it might not make a lot of sense to you, but for me it makes sense to get informed on security problems preferably directly from the HW vendors that I'm using and not trough an IT news portal sourcing a 3rd party source, that I might want to update drivers in the foreseeable future.
 
Joined
Jan 2, 2019
Messages
155 (0.07/day)

Attachments

  • AMD CPUs Problem.jpg
    AMD CPUs Problem.jpg
    138.5 KB · Views: 150
Joined
May 12, 2015
Messages
88 (0.03/day)
Location
N/A
Processor AMD Ryzen 5 5600
Motherboard ASRock B550M PRO4
Cooling DeepCool AK620
Memory Kingston FURY™ Beast DDR4 3200MT/s DDR4 8 GB x 2 CL16-18-18
Video Card(s) SAPPHIRE NITRO+ RX 5700 XT 8GB
Storage SAMSUNG 850 PRO 256 GB
Display(s) HP Compaq LA2306x
Case N/A
Audio Device(s) GAMDIAS HEPHAESTUS E1
Power Supply DeepCool PM750D 750W Gold Rated PSU
Mouse Cougar Minos X2
Keyboard Corsair K70 MX RED
Software Windows 11 22H2
This is a software shader compiler bug, no gpu hardware is involved. Hence no penalty.

Okay, that's reassuring.
 
Joined
Jun 10, 2014
Messages
2,995 (0.78/day)
Processor AMD Ryzen 9 5900X ||| Intel Core i7-3930K
Motherboard ASUS ProArt B550-CREATOR ||| Asus P9X79 WS
Cooling Noctua NH-U14S ||| Be Quiet Pure Rock
Memory Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz
Video Card(s) MSI GTX 1060 3GB ||| MSI GTX 680 4GB
Storage Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB
Display(s) Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24"
Case Fractal Design Define 7 XL x 2
Audio Device(s) Cambridge Audio DacMagic Plus
Power Supply Seasonic Focus PX-850 x 2
Mouse Razer Abyssus
Keyboard CM Storm QuickFire XT
Software Ubuntu
One thing that puzzles me is that the source mentions HLSL and WebGL, while the only browser that uses HLSL with WebGL is Edge, which is being phased out. Since HLSL and GLSL is fairly similar (probably also on the compiler side), I do wonder if this potentially could be exploited in GLSL as well.

One important thing to keep in mind when hearing about vulnerabilities and claims of "arbitrary code execution", is that in most cases it only means they have found a buffer overflow problem, which in theory can lead to arbitrary code execution without protections, therefore concluding that this vulnerability can do that as well. All modern desktop operating systems and hardware have "NX bit" to stop this from happening. There may be embedded systems which lacks this kind of protection, but PC owners should not worry about getting compromised, in worst case they will get stability issues from the kernel terminating the processes, which would of course be annoying.

I would like to know more details about what the underlying problem in the compiler was, and how it was fixed. If this was a concrete logical mistake in the compiler which was properly solved, then all should be good. But if all they did was to add a detection of an edge-case, then they really didn't fix anything, leaving the possibility for a chain of new related problems. (Think of the Spectre bug; the first mitigations only targeted a specific condition, not the underlying cause)

btarunr said:
Even though HLSL shader code looks similar to assembly, it actually is a relatively high-level language that gets optimized and compiled by the graphics driver.
HLSL prior to compilation is pretty close to the C language. Compiled HLSL is an assembly-like intermediate representation (which is what you see in the examples from Talos), which is then compiled yet again for specific GPUs by the driver.
The classification as a "high level language" depends on your convention. Back in the 60s and 70s a "high level language" usually meant anything that was not architecture specific assembly. When programmers today talk about "high level languages", they think of languages like Java, C#, JavaScript etc., and by that standard HLSL would be a "low level language", just like C.
 
Joined
Mar 16, 2017
Messages
2,161 (0.76/day)
Location
Tanagra
System Name Budget Box
Processor Xeon E5-2667v2
Motherboard ASUS P9X79 Pro
Cooling Some cheap tower cooler, I dunno
Memory 32GB 1866-DDR3 ECC
Video Card(s) XFX RX 5600XT
Storage WD NVME 1GB
Display(s) ASUS Pro Art 27"
Case Antec P7 Neo
I'm on version 19.12.2 drivers, and it doesn't recommend anything unless I enable "optional" updates. Seems like really strange behavior if there are vulnerabilities that should be patched.
 
Joined
Nov 4, 2005
Messages
12,015 (1.72/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s) 55" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
I'm on version 19.12.2 drivers, and it doesn't recommend anything unless I enable "optional" updates. Seems like really strange behavior if there are vulnerabilities that should be patched.


It may only apply to certain hardware functions on certain cards, running in certain environment.

So it could be of you are running edge, in windows 7 with hardware that has X spec them certain websites running malicious code in hardware accelerated code...


So like .0005 percent of all users.
 
Joined
Aug 20, 2007
Messages
21,546 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
That's probably the most intelligent response I have yet to come across in this thread. Yeah, why does AMD even bother to include a release note or a changelog to begin with, they should totally do away with that.

because hiding issues promotes a culture of negligence. There is a reason issues are disclosed upon discovery (after a reasonable fix time, of course) as standard practice. This isn't something some dude thought up in his basement, these are time tested principles.
 
Joined
Jun 25, 2008
Messages
2,441 (0.41/day)
System Name Dell Workstation t5810
Processor Xeon CPU's E5-2683 v4 Broadwell-E Technology
Motherboard Broadwell-E X99
Cooling Default fan System Level 3
Memory 48GB DDR4
Video Card(s) Radeon Pro VII 16GB
Storage 2 Internal SSD, 6 External HDD
Display(s) Dell 27 Inch Monitor
Case Dell Precision 5810
Audio Device(s) RealTek High Definition
Power Supply 825 Watts PSU
Mouse Soundless Black Quiet Mouse
Keyboard Dell Black
Software Windows Pro 10 x64
honestly i didn't notice any of that stuff , i just play games lol
 
Joined
May 12, 2015
Messages
88 (0.03/day)
Location
N/A
Processor AMD Ryzen 5 5600
Motherboard ASRock B550M PRO4
Cooling DeepCool AK620
Memory Kingston FURY™ Beast DDR4 3200MT/s DDR4 8 GB x 2 CL16-18-18
Video Card(s) SAPPHIRE NITRO+ RX 5700 XT 8GB
Storage SAMSUNG 850 PRO 256 GB
Display(s) HP Compaq LA2306x
Case N/A
Audio Device(s) GAMDIAS HEPHAESTUS E1
Power Supply DeepCool PM750D 750W Gold Rated PSU
Mouse Cougar Minos X2
Keyboard Corsair K70 MX RED
Software Windows 11 22H2
because hiding issues promotes a culture of negligence. There is a reason issues are disclosed upon discovery (after a reasonable fix time, of course) as standard practice. This isn't something some dude thought up in his basement, these are time tested principles.

I think you've failed to detect the sarcasm in that comment of mine.

But from your own admission, issues are disclosed upon discovery, so why weren't these vulnerability fixes disclosed? Isn't that the highest form of negligence?
 
Joined
Aug 20, 2007
Messages
21,546 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
But from your own admission, issues are disclosed upon discovery, so why weren't these vulnerability fixes disclosed?

They were. Not by AMD though. People had to watch the issue trackers manually.

I think you've failed to detect the sarcasm in that comment of mine.

Probably, sorry. It is the internet, heh. My bad.
 
Joined
Aug 6, 2017
Messages
7,412 (2.75/day)
Location
Poland
System Name Purple rain
Processor 10.5 thousand 4.2G 1.1v
Motherboard Zee 490 Aorus Elite
Cooling Noctua D15S
Memory 16GB 4133 CL16-16-16-31 Viper Steel
Video Card(s) RTX 2070 Super Gaming X Trio
Storage SU900 128,8200Pro 1TB,850 Pro 512+256+256,860 Evo 500,XPG950 480, Skyhawk 2TB
Display(s) Acer XB241YU+Dell S2716DG
Case P600S Silent w. Alpenfohn wing boost 3 ARGBT+ fans
Audio Device(s) K612 Pro w. FiiO E10k DAC,W830BT wireless
Power Supply Superflower Leadex Gold 850W
Mouse G903 lightspeed+powerplay,G403 wireless + Steelseries DeX + Roccat rest
Keyboard HyperX Alloy SilverSpeed (w.HyperX wrist rest),Razer Deathstalker
Software Windows 10
Benchmark Scores A LOT
>>...AMD Quietly Patched Four Major GPU Security Vulnerabilities

AMD has a very Bad reputation of doing such things and this is Not new for experienced IT professionals. Just read this, please...
care to elaborate what the hell this is ?

What has this anything to do fit the fact that I have a GTX 1060 in my rig?
Me owning a GeForce card makes my statement somehow less true?
If I were using an RX 580 then my opinion on the matter would turn magically valid? I'm confused. :confused:


Were there security holes? Yes.
Were they in the release notes? No.
Did they fix them? Yes.
Would you had known to update for security problems you didn't even know you had? Double No.

So it might not make a lot of sense to you, but for me it makes sense to get informed on security problems preferably directly from the HW vendors that I'm using and not trough an IT news portal sourcing a 3rd party source, that I might want to update drivers in the foreseeable future.
don't bother responding.
best way to handle such comments is leave them unanswered.
 
Joined
Jan 2, 2019
Messages
155 (0.07/day)
care to elaborate what the hell this is ?


don't bother responding.
best way to handle such comments is leave them unanswered.

Techpowerup removed a description of an OpenCL problem that affects ALL notebooks ( gaming, workstations, etc ) with AMD Ryzen 3, 5 and 7 CPUs. Here it is again:

Attention to
OpenCL ( Open Compute Language ) software developers
AMD's CEO and CTO

We regret to see that AMD quietly stopped supporting CPU-type Compute Devices for OpenCL based Hybrid ( aka Heterogeneous ) processing.
The problem was detected in December 2019 on ASUS TUF FX505DU Gaming Notebook with AMD Ryzen 3750H CPU. Initially, it was considered as a problem of ASUS but actually this is Not the case. During recent visit to a nearby BestBuy store the problem was easily seen on MSI, Lenovo, Acer Gaming and HP Envy Notebooks with AMD Ryzen Mobile CPUs.
We contacted AMD's Technical Support and all our attempts to bring attention of that problem to AMD's Software Engineers failed. Technical Support from AMD's Level 1 couldn't reproduce the problem and responded in a very disrespectful way:
"...Since we can't reproduce the problem this is Not our problem...".
It means, that in case of OpenCL based Hybrid processing on computing systems with:
- AMD Ryzen Mobile CPUs up to 0.5 TFLOPs of processing power is Not used
- AMD Ryzen Desktop CPUs more than 2 TFLOPs of processing power is Not used
- AMD Epyc Server CPUs more than 4 TFLOPs of processing power is Not used
That's a Lot of Processing Power Not used for Hybrid processing ( HPC, gaming, etc ) and, unfortunately, AMD doesn't care about it!
Quality of OpenCL support from AMD is at the lowest level since 2015-2016 years and a recent AMD Display driver 26.20.11016.1 disabled NVIDIA's OpenCL Client Driver on an ASUS TUF Gaming system. AMD's Display driver 26.20.11016.1 was rollbacked to a driver from AMD Radeon Adrenalin 19.9.2 package.
Also, AMD stopped supporting AMD Accelerated Parallel Processing SDK ( aka AMD APP SDK ) and the SDK was quietly removed from the AMD's website. All attempts to bring back The Best SDK for OpenCL programming failed.
At the same time NVIDIA and Intel continue to support OpenCL.
For example, on Dell Precision Mobile workstations with Intel CPUs and NVIDIA GPUs all types of OpenCL Compute Devices are available for OpenCL based Hybrid processing.
We really wanted to upgrade current computing systems with Intel CPUs to systems with AMD CPUs ( a resolute departure! ) but due to these problems related to OpenCL support on systems with AMD CPUs all upgrades are on hold...
 
Joined
Aug 6, 2017
Messages
7,412 (2.75/day)
Location
Poland
System Name Purple rain
Processor 10.5 thousand 4.2G 1.1v
Motherboard Zee 490 Aorus Elite
Cooling Noctua D15S
Memory 16GB 4133 CL16-16-16-31 Viper Steel
Video Card(s) RTX 2070 Super Gaming X Trio
Storage SU900 128,8200Pro 1TB,850 Pro 512+256+256,860 Evo 500,XPG950 480, Skyhawk 2TB
Display(s) Acer XB241YU+Dell S2716DG
Case P600S Silent w. Alpenfohn wing boost 3 ARGBT+ fans
Audio Device(s) K612 Pro w. FiiO E10k DAC,W830BT wireless
Power Supply Superflower Leadex Gold 850W
Mouse G903 lightspeed+powerplay,G403 wireless + Steelseries DeX + Roccat rest
Keyboard HyperX Alloy SilverSpeed (w.HyperX wrist rest),Razer Deathstalker
Software Windows 10
Benchmark Scores A LOT
Technical Support from AMD's Level 1 couldn't reproduce the problem and responded in a very disrespectful way:
"...Since we can't reproduce the problem this is Not our problem...".
well,if they can't reproduce it......

and is this laptops,desktop or server ? you said laptop,and then mention epyc.

either be more coherent or just leave it.

AMD Display driver 26.20.11016.1 disabled NVIDIA's OpenCL Client Driver

wat ?
 
Joined
Aug 17, 2017
Messages
274 (0.10/day)
"Quietly" patched. As opposed to what? What would they normally do, take to the streets and start screaming like nut cases? :roll:
 
Joined
May 12, 2015
Messages
88 (0.03/day)
Location
N/A
Processor AMD Ryzen 5 5600
Motherboard ASRock B550M PRO4
Cooling DeepCool AK620
Memory Kingston FURY™ Beast DDR4 3200MT/s DDR4 8 GB x 2 CL16-18-18
Video Card(s) SAPPHIRE NITRO+ RX 5700 XT 8GB
Storage SAMSUNG 850 PRO 256 GB
Display(s) HP Compaq LA2306x
Case N/A
Audio Device(s) GAMDIAS HEPHAESTUS E1
Power Supply DeepCool PM750D 750W Gold Rated PSU
Mouse Cougar Minos X2
Keyboard Corsair K70 MX RED
Software Windows 11 22H2
opposed to what? What would they normally do, take

They'd include the fixes in the release notes and make an announcement that certain vulnerabilities were patched, just like other manufacturers do?
 
Joined
Aug 6, 2017
Messages
7,412 (2.75/day)
Location
Poland
System Name Purple rain
Processor 10.5 thousand 4.2G 1.1v
Motherboard Zee 490 Aorus Elite
Cooling Noctua D15S
Memory 16GB 4133 CL16-16-16-31 Viper Steel
Video Card(s) RTX 2070 Super Gaming X Trio
Storage SU900 128,8200Pro 1TB,850 Pro 512+256+256,860 Evo 500,XPG950 480, Skyhawk 2TB
Display(s) Acer XB241YU+Dell S2716DG
Case P600S Silent w. Alpenfohn wing boost 3 ARGBT+ fans
Audio Device(s) K612 Pro w. FiiO E10k DAC,W830BT wireless
Power Supply Superflower Leadex Gold 850W
Mouse G903 lightspeed+powerplay,G403 wireless + Steelseries DeX + Roccat rest
Keyboard HyperX Alloy SilverSpeed (w.HyperX wrist rest),Razer Deathstalker
Software Windows 10
Benchmark Scores A LOT
"Quietly" patched. As opposed to what? What would they normally do, take to the streets and start screaming like nut cases? :roll:

maybe that's what
no mention of doing so in its changelog
refers to

do people read the OP these days or just the title ?
 
Top