AMD Ryzen Master Default Permissions Flaw Leads to Arbitrary Code Execution (AMD-SB-9004)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Product: AMD Ryzen™ Master Monitoring SDK & AMD Ryzen™ Master Utility - Issue: Improper default permission settings, potentially leading to arbitrary code execution. - Impact: Low-privileged users may exploit this vulnerability to escalate privileges. 2. Vulnerability ID: AMD-SB-9004 3. Potential Impact: Arbitrary code execution 4. Severity: High 5. Remediation: - AMD Ryzen™ Master Monitoring SDK: Update to version 2.13.0.2915 - AMD Ryzen™ Master Utility for Overclocking Control: Update to version 2.13.1.3097 6. Acknowledgments: Thank you to Pwni for reporting these issues and participating in coordinated vulnerability disclosure. 7. Disclaimer: - The information is for reference only and may contain technical inaccuracies, omissions, or formatting errors. - AMD is not obligated to update or correct the information. - AMD does not provide any express or implied warranties, including but not limited to warranties of accuracy or completeness of the content, or for the operation or use of AMD hardware, software, or other products. - AMD is not liable for any security vulnerabilities in computer systems that may not be fully preventable or mitigable. - Any terms and limitations related to the purchase or use of AMD products are specified in the agreement signed by both parties or in AMD’s sales terms and conditions. 8. Trademark Information: - AMD, AMD Arrow logo, Ryzen, Threadripper, and other marks are trademarks of Advanced Micro Devices, Inc. - CVE and CVE logo are registered trademarks of The MITRE Corporation. 9. Copyright: © 2024 Advanced Micro Devices, Inc. All rights reserved.

Goal Reached Thanks to every supporter — we hit 100%!

AMD Ryzen Master Default Permissions Flaw Leads to Arbitrary Code Execution (AMD-SB-9004)