CVE-2022-27677: AMD Ryzen Master Privilege Escalation Vulnerability


Recently, AMD disclosed a high-severity vulnerability in its Ryzen Master software that may allow an attacker to take full control of the system. Ryzen Master version 2.10.1.2287 for Windows 10 and Windows 11 was released to fix the issue.

Tracked as CVE-2022-27677, the flaw in AMD Ryzen Master could allow a local authenticated attacker to execute arbitrary code on the system. It is caused by improper privilege validation during installation. By using specially crafted installation files, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges on the system.


Every AMD Ryzen processor is multiplier-unlocked from the factory, so you can personalize performance to your taste. AMD provides the AMD Ryzen Master utility to access this powerful advantage. As AMD Ryzen Master has evolved to support an increasingly diverse set of CPU products and features, the user interface has also grown increasingly complex.

“Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user,” AMD wrote in its security bulletin.

AMD has credited Conor McNamara for reporting this issue and engaging in coordinated vulnerability disclosure.

AMD recommends that users upgrade their Ryzen Master software to the latest version, version 2.10.1.2287, to fix the CVE-2022-27677 flaw.
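
To check whether a Windows host still runs a release older than the fixed version, the following added example (not AMD's code and not part of the original article) reads the standard per-machine uninstall registry keys and compares each matching entry with 2.10.1.2287. The `AMD Ryzen Master*` display-name pattern and the function name `Get-RyzenMasterStatus` are assumptions made for this sketch.

```powershell
# Added example: audit local Ryzen Master installs against the fixed version.
$FixedVersion = [version]'2.10.1.2287'   # fixed version named in the article
$NamePattern  = 'AMD Ryzen Master*'      # assumption: DisplayName written by the installer

# Standard per-machine uninstall hives (native and 32-bit registry views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-RyzenMasterStatus {
    # Hypothetical helper: one result object per matching uninstall entry.
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern }

    foreach ($entry in $entries) {
        $parsed = $null
        $raw    = [string]$entry.DisplayVersion
        # A missing or malformed DisplayVersion must not be reported as patched.
        $ok     = [version]::TryParse($raw, [ref]$parsed)

        $status = if (-not $ok)                    { 'UNKNOWN' }
                  elseif ($parsed -lt $FixedVersion) { 'VULNERABLE' }
                  else                              { 'PATCHED' }

        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            DisplayName = $entry.DisplayName
            Installed   = $raw
            Fixed       = $FixedVersion.ToString()
            Status      = $status
        }
    }
}

$results = @(Get-RyzenMasterStatus)
if ($results.Count -eq 0) {
    Write-Output 'AMD Ryzen Master not found in the uninstall registry.'
} else {
    $results | Format-Table -AutoSize
}

# Non-zero exit code lets inventory or compliance tooling flag the host.
if ($results.Status -contains 'VULNERABLE') { exit 1 }
```

Entries reported as `UNKNOWN` have no parseable version string and should be checked by hand rather than treated as fixed.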