Vulnerability allowing RCE exists in the firmware of some AMD Radeon graphics cards

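The drivers for two models of AMD Radeon graphics cards contain a vulnerability whose exploitation lets an attacker remotely execute third-party code through a guest account on a virtual machine.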

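This conclusion was reached by the Cisco Talos engineers who published a description of the bug. After the developers released a patch, the experts published the bug's technical details.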

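"The ATIDXX64.DLL driver of some AMD Radeon cards contains a remote code execution vulnerability. AMD produces the Radeon line of hardware, which includes graphics cards and graphics processing units. This specific vulnerability exists on the Radeon RX 550 / 550 series while running VMWare Workstation 15", reported Cisco Talos researchers.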

To exploit the vulnerability, an attacker needs to prepare a special pixel in the guest virtual machine and send it to the ATIDXX64.DLL library. As a result, the driver function sub_32B820 is called with a specific argument, which allows the attacker to corrupt the memory of the vmware-vmx.exe process on the host in a controlled way and execute malicious code.

The problem is present in driver versions 25.20.15031.5004 and 25.20.15031.9002 for Radeon 550 and RX 550 video cards. To exploit the vulnerability, the machine must be running VMware Workstation version 15.0.4 build-12990004, as well as 64-bit Windows 10.


Researchers discovered a bug and reported it to AMD back in May of this year, and for several months worked with the company’s specialists to create a patch. On September 16, a new version of the driver containing a patch appeared on the vendor’s site. The vulnerability is registered as CVE-2019-5049 and experts rate it 9 points on the CVSS scale.

In June, AMD had to release a patch for Secure Encrypted Virtualization (SEV) system software that implements memory protection for virtual machines under Linux. The bug allowed cybercriminals to find out one part of the secret PDH key used to encrypt data and gain access to the system data of the target host.

About the author

Valdis Kok

Security engineer, reverse engineering and memory forensics
