CVE-2024-21966: Critical AMD Ryzen Master Utility Flaw Exposes Systems to Attacks
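A high-severity DLL hijacking vulnerability (CVE-2024-21966) has been found in AMD Ryzen Master Utility; it can allow an attacker to execute arbitrary code and take control of the system. Updating to the latest version is recommended to fix the issue. 2025-2-25 12:15:41 Author: cyble.com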

A high-severity vulnerability (CVE-2024-21966) has been discovered in the AMD Ryzen Master Utility, allowing attackers to execute arbitrary code via DLL hijacking. Learn more about the risks, affected versions, and how to protect your system by updating to the latest patched version.

Overview

A high-severity security vulnerability (CVE-2024-21966) has been identified in AMD Ryzen Master Utility, a widely used tool designed for overclocking and optimizing AMD Ryzen processors. This vulnerability, categorized as DLL hijacking, could allow attackers to escalate privileges and execute arbitrary code, potentially leading to a full system compromise.

Vulnerability Details

  • CVE ID: CVE-2024-21966
  • CVSS Score: 7.3 (High)
  • Type: DLL Hijacking
  • Affected Software: AMD Ryzen Master Utility (All versions prior to 2.14.0.3205)
  • Fixed Version: AMD Ryzen Master Utility 2.14.0.3205 or higher

This vulnerability arises because the AMD Ryzen Master Utility does not properly validate the external DLL files it loads dynamically. Since the application does not implement proper checks, an attacker could place a malicious DLL in a directory that the application searches at runtime. If the application loads that DLL, the attacker could gain elevated privileges and run arbitrary code with the same rights as the utility, compromising the system.

Impact

The primary risk associated with this vulnerability is arbitrary code execution. If exploited, an attacker could:

  • Gain elevated privileges on the system.
  • Execute malicious code that could compromise sensitive data.
  • Potentially take full control of the affected system.

Recommended Mitigation Steps

To protect systems from this vulnerability, users should:

  1. Update to the Latest Version: AMD has released a patched version (2.14.0.3205) that addresses this vulnerability. Users should download and install the latest version from AMD’s official website.
  2. Verify Software Integrity: Ensure that the downloaded software is from an authentic source and verify checksums where possible.
  3. Restrict User Privileges: Limit administrative privileges to reduce the risk of exploitation.
  4. Monitor System Activity: Keep an eye on unusual system behavior and monitor logs for potential exploitation attempts.
  5. Enable Security Software: Use reliable security solutions that can detect and block DLL hijacking attempts.
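
The update and monitoring steps above, as an added example (not code from Cyble or AMD): a check against the fixed version, and a triage pass over image-load records shaped like Sysmon Event ID 7 that flags DLLs the utility loaded from outside trusted directories or without a valid signature. The process image name, the trusted roots and the sample events are assumptions constructed for illustration.

```python
import ntpath
from pathlib import PureWindowsPath

FIXED_VERSION = (2, 14, 0, 3205)  # fixed release stated in the advisory

# Assumptions to adapt locally: the utility's image name is a placeholder and
# the trusted roots are only a starting allowlist.
UTILITY_IMAGE = "ryzen-master-placeholder.exe"
TRUSTED_ROOTS = [PureWindowsPath(r"C:\Windows"),
                 PureWindowsPath(r"C:\Program Files")]

def is_patched(version: str) -> bool:
    """True when a dotted version string is at or above the fixed release."""
    return tuple(int(p) for p in version.split(".")) >= FIXED_VERSION

def suspicious_loads(events):
    """Return (dll_path, reasons) for loads by the utility that need review."""
    findings = []
    for ev in events:
        if PureWindowsPath(ev["Image"]).name.lower() != UTILITY_IMAGE:
            continue  # only the utility's own image loads are of interest
        # Normalise first so "..\" segments cannot fake a trusted prefix.
        dll = PureWindowsPath(ntpath.normpath(ev["ImageLoaded"]))
        reasons = []
        if not any(root in dll.parents for root in TRUSTED_ROOTS):
            reasons.append("untrusted-directory")
        if not (ev.get("Signed") == "true" and ev.get("SignatureStatus") == "Valid"):
            reasons.append("invalid-signature")
        if reasons:
            findings.append((str(dll), reasons))
    return findings

# Constructed sample records (field names follow Sysmon Event ID 7).
_IMG = r"C:\Program Files\Vendor\ryzen-master-placeholder.exe"
SAMPLE_EVENTS = [
    {"Image": _IMG, "ImageLoaded": r"C:\Windows\System32\example.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": _IMG, "ImageLoaded": r"C:\Users\alice\Downloads\example.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": _IMG, "ImageLoaded": r"C:\Program Files\..\ProgramData\tmp\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]

if __name__ == "__main__":
    for path, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(path, ", ".join(reasons))
    # Constructed version string, one build below the fixed release.
    print("2.14.0.3204 patched:", is_patched("2.14.0.3204"))
```

A valid signature alone does not clear a load from an unexpected directory, which is why the third sample record is still reported.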

Technical Analysis

This vulnerability was reported by Pwni, a security researcher, and confirmed by AMD through internal testing. The issue occurs because the AMD Ryzen Master Utility does not implement adequate security checks when loading DLLs dynamically.

Breakdown of CVSS Score

  • Attack Vector (AV): Local (L) – The attacker needs local access to exploit the vulnerability.
  • Attack Complexity (AC): Low (L) – The attack does not require complex techniques.
  • Privileges Required (PR): Low (L) – Limited privileges are required for exploitation.
  • User Interaction (UI): Required (R) – The exploit needs some user action.
  • Scope (S): Unchanged (U) – The vulnerability affects the same security boundary.
  • Confidentiality (C): High (H) – Exploiting the vulnerability could expose sensitive information.
  • Integrity (I): High (H) – The attacker can alter system integrity.
  • Availability (A): High (H) – The attack could cause system crashes or instability.

Conclusion

This high-severity vulnerability highlights the importance of regularly updating system utilities and maintaining strong cybersecurity practices. To mitigate the risk, users of AMD Ryzen Master Utility should update to version 2.14.0.3205 or later as soon as possible. Organizations should also implement robust security monitoring to detect and prevent potential exploitation attempts.

Reference links:

  • https://jocert.ncsc.jo/EN/ListDetails/Security_Alerts__Advisorites/1203/100
  • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9010.html

Article source: https://cyble.com/blog/cve-2024-21966-critical-amd-ryzen-master-utility-flaw-exposes-systems-to-attacks/