AMD, earlier today, published an advisory regarding a security vulnerability in its Ryzen Master overclocking utility. The security flaw has been assigned the ID "CVE-2022-27677" and AMD says that vulnerability could lead to privilege escalation and code execution. On the advisory, AMD explains:
Summary
AMD Ryzen™ Master is a software tool that gives users advanced, real-time control of system performance. AMD Ryzen™ Master allows the user to control various clock and voltage settings in real time.
CVE-2022-27677
Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user.
The vulnerability has already been patched by AMD in December. However, the information regarding the security bug was disclosed earlier today. The company recommends Windows 11 and Windows 10 users to update to the latest version of Ryzen Master, 2.10.1.2287, as it fixes this flaw.
Aside from the the Ryzen Master 2.10.1.2287 also fixes some bugs and adds new features:
Release Highlights
- Adds support for setting Maximum Temperature
Fixed Issues
- Issue related to CPU Voltage range is fixed. Users can now apply voltages beyond 1.52V.
Known Issues
- Not all features are visible or supported on Legacy Processors.
You can download Ryzen Master from AMD's official website here. In somewhat related news, it looks like the fTPM stuttering and freezing issue on Ryzen, that initially affected Windows platforms, is now showing up on Linux as well.