AMD disclosed a new vulnerability, rated 7.2 which is high, in its popular Ryzen Master software utility, which enables CPU monitoring and overclocking capabilities for its consumer processor lineup. This vulnerability could allow an attacker to take complete control of the system. AMD has released a new version of Ryzen Master for Windows 10 and Windows 11 that fixes the problem.
AMD notes the issue stems from not validating the privilege level of a user during the Ryzen Master installation process, which means that a user with limited privileges on a computer could use an older version of Ryzen Master to gain administrator access and, eventually, full control of the system by modifying important system files. However, it is unclear whether a user who does not have administrator privileges could use the older install utility to facilitate an attack.
AMD Ryzen Master also includes several capabilities that enable fine-grained system control, such as real-time access to changing voltages and clock rates.
It’s unclear whether those features, if made available to a low-level user, could be used for clock and voltage timing attacks like Hertzbleed and Plundervolt. AMD patched a previous Ryzen Master bug discovered by HP in 2020 that also allowed privilege escalation (CVE-2020-12928). Last month, the company disclosed 31 newly discovered vulnerabilities and patched an error that allowed its graphics card drivers to auto-overclock the CPU without permission.
To bring the software up to date and patch the vulnerability, AMD recommends updating to at least version 2.10.1.2287. Other notable improvements over the previous version include support for setting a maximum operating temperature, which would slow the processor if it exceeded an assigned temperature.
Ryzen Master now allows you to assign a voltage greater than 5.2V, which is significantly higher than the normal operating voltage. Naturally, most users will not require that capability with current chips, but it is useful for extreme overclockers and may be useful with future models. Notably, older processors do not support all features.
Also Read:
