News AMD Confirms Its GPU Drivers Are Overclocking CPUs Without Asking

JamesJones44

Prominent
Jan 22, 2021
130
80
660
0
Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.
 
Reactions: Why_Me
Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.
Which would only be a problem if a malicious actor managed to get AMD's private key that's used to sign the drivers. Otherwise, it's very hard to install an untrusted driver.
 
Reactions: Mandark and King_V

wifiburger

Honorable
Feb 21, 2016
552
62
11,090
9
Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.
if that's your concern, the Ryzen master DLL is already running if you have RyzenMaster installed (check Autoruns -Sysinternal tool under Drivers section)

there's no safety checks for writing bios settings on AMD; any malicious software could technically do it and if the DLL is not there it can get loaded
 
Last edited:

tommo1982

Distinguished
Dec 5, 2010
78
30
18,560
0
Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.
... and he'd what. Make the system crash? Unless one of the safety mechanisms is faulty the PC would freeze or shutdown. Phishing or ransomware is much more dangerous. CPU/mobo you can replace. Your life's savings... not so much.
 
Apr 5, 2022
1
0
10
0
I'm not managing my CPUs overclock and am having zero stability issues for the last year while updating Adrenaline each time, while using both an AMD processor and GPU.
 

TJ Hooker

Champion
Ambassador
if that's your concern, the Ryzen master DLL is already running if you have RyzenMaster installed (check Autoruns -Sysinternal tool under Drivers section)

there's no safety checks for writing bios settings on AMD; any malicious software could technically do it and if the DLL is not there it can get loaded
Even if this is true (and I have no idea if it is), I'm going to assume that the malicious software would need administrative privileges to do that. And if you have malware running with admin privileges then you're already screwed, regardless of whether it can modify BIOS settings.
 

JamesJones44

Prominent
Jan 22, 2021
130
80
660
0
if that's your concern, the Ryzen master DLL is already running if you have RyzenMaster installed (check Autoruns -Sysinternal tool under Drivers section)

there's no safety checks for writing bios settings on AMD; any malicious software could technically do it and if the DLL is not there it can get loaded
That's even worse, loading and calling a DLL at runtime is trivial, someone with no coding experience could do that with simple StackOverflow searches.
 

Giroro

Distinguished
Jan 22, 2015
953
318
19,390
13
Except that's precisely what RyzenMaster was created to do. And as well the Radeon Settings app...and Nvidia's control panel...have been doing the same for GPU's for a long, long time.
Ryzen Master didn't used to have the ability to change the actual BIOS. It would just run the overclock in Windows, similar to Afterburner.
It would take priority over the BIOS settings once Windows booted, but it couldn't change them.
 

Alvar "Miles" Udell

Respectable
Apr 1, 2020
562
296
2,260
0
The biggest problem would be to people like me who both overclock and undervolt. I run my 3700X at 4.2ghz 1.2v, even PBO with max settings doesn't even hit 4.1ghz all core speed using -a lot- more voltage.
 

Giroro

Distinguished
Jan 22, 2015
953
318
19,390
13
How is it possible for an app running in Windows to have control over the BIOS? Windows itself should not be allowed that level of access to the hardware, and it is extremely troubling if it does. Your BIOS is embedded in the motherboard and runs independently of the OS, and it is very important for it to stay that way.

If a Windows app can make these changes, then what exactly is supposed to be stopping a virus from flashing itself permanently into the motherboard?
What is preventing Windows from, for example, forcing your motherboard to brick itself if you try to install linux? It should be fundamentally impossible for any OS to be allowed that level of control over your hardware.
 
How is it possible for an app running in Windows to have control over the BIOS? Windows itself should not be allowed that level of access to the hardware, and it is extremely troubling if it does. Your BIOS is embedded in the motherboard and runs independently of the OS, and it is very important for it to stay that way.

If a Windows app can make these changes, then what exactly is supposed to be stopping a virus from flashing itself permanently into the motherboard?
What is preventing Windows from, for example, forcing your motherboard to brick itself if you try to install linux? It should be fundamentally impossible for any OS to be allowed that level of control over your hardware.
Every OS allows you to directly update the firmware from it. I get occasional firmware updates for my laptop from ASUS through Windows update and firmware updates from Dell for my XPS 13 from Ubuntu's apt repo. You can't expect everyone to be able to update their firmware by sticking it on a thumb drive, going into the firmware settings, and updating from there. Especially in a corporate setting when people don't normally have access to the motherboard firmware and IT can't access the computer unless an OS is running. And you can't expect people to turn in their computers for a firmware update since that means downtime.

The only thing that's preventing something wrong from happening is it requires admin privileges to do this. Which you know, I hope you're not blindly clicking OK on the UAC prompt every time it comes up.

EDIT: Additionally digital signatures make it hard for people to spoof the firmware. This is why Microsoft has been pushing the TPM requirement hard. So even if you uploaded malicious firmware, if it doesn't have the right digital signature, the computer's going to fail to boot.

And hopefully there's a back-up on the motherboard it can fall back to.
 
Last edited:
Reactions: TJ Hooker
Ryzen Master didn't used to have the ability to change the actual BIOS. It would just run the overclock in Windows, similar to Afterburner.
It would take priority over the BIOS settings once Windows booted, but it couldn't change them.
That's also what I thought made the original RM behavior so good too...if your OC demonstration went south it would ALWAYS restart in stock, "safe", settings because the BIOS wasn't changed.
 
LOL...Yes, I think many of us do! Pavlovian conditioning being what it is. That why it's gets to be increasingly worthless when more and more of what you do requires a UAC click-through.
I wish Microsoft would update to what macOS and Linux do: require you to enter a password. Then it slows you down and you'll think why you're getting that prompt.

But running as a Standard User account does the trick just fine.
 
I wish Microsoft would update to what macOS and Linux do: require you to enter a password. Then it slows you down and you'll think why you're getting that prompt.

But running as a Standard User account does the trick just fine.
I've tried running as a bog-standard User account... can't stand it. I realize I like fiddling with things too often. It's my machine, I know how to flatten the OS and fresh install if I go too far so I'll deal with it. I'm way more likely to just completely disable UAC than do that now.

I'd be a lot different about that if running a network server or shared machine with several user accounts who also use it.
 

ASK THE COMMUNITY

TRENDING THREADS