AMD Ryzen Flaw Enables Code Execution Through DLL Hijacking

A security vulnerability has been identified in the AMD Ryzen™ Master Utility, a performance-tuning tool for AMD Ryzen™ processors.

This flaw, discovered by a security researcher, allows for privilege escalation and arbitrary code execution via DLL hijacking. AMD has confirmed the issue and issued a patch to mitigate the risk.

The Vulnerability

The AMD Ryzen™ Master Utility provides users with a streamlined interface for overclocking, monitoring system performance, and fine-tuning various processor and power settings.

However, it was found that the utility is susceptible to a DLL hijacking vulnerability, leaving systems open to exploitation.

This specific flaw exists because the software fails to perform proper checks to prevent unauthorized dynamic loading of DLLs.

The vulnerability, identified as CVE-2024-21966, has been assigned a CVSS score of 7.3, categorizing it as a “High” severity issue.

Exploiting this flaw requires local access to the system but poses a significant risk. An attacker could leverage the vulnerability to escalate privileges, allowing them to execute arbitrary code on the compromised machine.

Such code execution could lead to severe consequences, including unauthorized access, data theft, or even disruption of system operations.

Technical Details and Impact

The CVE-2024-21966 vulnerability is described as follows:

  • CVSS Score: 7.3 (High)
  • Impact: Confidentiality (High), Integrity (High), Availability (High)
  • Vector: Local attack with low complexity
  • User Interaction: Required

Once the flaw is exploited, an attacker could inject malicious code into the utility, enabling them to manipulate the host system.

This vulnerability highlights the importance of robust security practices in performance-tuning software.

AMD has acted swiftly to address the issue. Users are urged to update their AMD Ryzen™ Master Utility to version 2.14.0.3205 or higher, which includes fixes to prevent the unauthorized dynamic loading of DLLs.

The updated software can be obtained from AMD’s official website.
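
An added example, not from AMD or the original article: triaging a software inventory export against the fixed version 2.14.0.3205 named above. The CSV columns, host names, sample versions and the product-name match string are constructed assumptions.

```python
import csv
import io

FIXED = (2, 14, 0, 3205)      # first fixed version, per the article
PRODUCT = "amd ryzen master"  # assumed substring of the inventory display name

# Constructed sample inventory export (host, product name, version).
SAMPLE = """host,name,version
ws-01,AMD Ryzen Master,2.13.0.1000
ws-02,AMD Ryzen Master,2.14.0.3205
ws-03,AMD Ryzen Master,2.14.1
ws-04,AMD Ryzen Master,unknown
ws-05,7-Zip,24.08
"""

def parse_version(text):
    """Return a 4-part integer tuple, or None if text is not a dotted version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad "2.14.1" to (2, 14, 1, 0)

def triage(inventory_csv):
    """Map each host running the utility to 'patched', 'vulnerable' or 'review'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if PRODUCT not in row["name"].lower():
            continue  # some other product, not relevant to this CVE
        version = parse_version(row["version"])
        if version is None:
            status = "review"  # unparseable version: check the host by hand
        elif version >= FIXED:
            status = "patched"
        else:
            status = "vulnerable"
        result[row["host"]] = status
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `review` have a version string the script cannot compare, so they need a manual check rather than being assumed patched.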

In addition to applying the patch, users should follow best practices, such as limiting administrative access, maintaining an updated operating system, and using endpoint protection software.

AMD has publicly acknowledged and thanked “Pwni,” the researcher who discovered and responsibly reported the vulnerability.

Their efforts enabled a coordinated vulnerability disclosure, allowing AMD to address the flaw effectively.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
