AMD Ryzen Master Utility Vulnerable to DLL Hijacking (CVE-2024-21966)

A newly discovered vulnerability in the AMD Ryzen Master Utility could allow attackers to escalate privileges and potentially execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2024-21966 and rated with a CVSS score of 7.3 (High), stems from the utility’s failure to prevent dynamic loading of DLLs.

The AMD Ryzen Master Utility is a popular tool used by owners of AMD Ryzen processors to optimize performance, monitor system parameters, and adjust settings like overclocking and power management. The DLL hijacking vulnerability allows attackers to exploit this functionality by replacing legitimate DLL files with malicious ones, potentially granting them control over the system.

“The researcher reported a DLL hijacking vulnerability that could allow an attacker to escalate privileges, resulting in arbitrary code execution,” the security bulletin explains. AMD has confirmed the vulnerability and its potential impact, stating that it “believes the reported vulnerability occurs because the AMD Ryzen™ Master Utility does not include checks to prevent a dynamic load of DLLs.”

This vulnerability poses a serious risk to users of the AMD Ryzen Master Utility, as successful exploitation could lead to a complete system compromise. Attackers could potentially gain access to sensitive data, install malware, or disrupt system operations.

To address this vulnerability, AMD has released an updated version of the Ryzen Master Utility. Users are strongly encouraged to update to version 2.14.0.3205 or higher to mitigate the risk of exploitation. This update includes security enhancements that prevent DLL hijacking attempts, ensuring the integrity and security of the utility.

Rate this post

Tags: CVE-2024-21966

Leave a Reply Cancel reply

Website

Related Posts:

Leave a Reply Cancel reply