News AMD Confirms Its GPU Drivers Are Overclocking CPUs Without Asking

[Admin]

AMD has confirmed to Tom's Hardware that a bug in its Adrenalin GPU drivers is causing changes to CPU settings in the BIOS, which results in the CPU being overclocked without the user's permission.

AMD Confirms Its GPU Drivers Are Overclocking CPUs Without Asking : Read more

 

[JamesJones44]

Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.

 

[hotaru.hino]

Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.

Which would only be a problem if a malicious actor managed to get AMD's private key that's used to sign the drivers. Otherwise, it's very hard to install an untrusted driver.

 

[Kamen Rider Blade]

I'm sure AMD will fix it soon enough.

 

[peachpuff]

I'm sure AMD will fix it soon enough.

But... but it's a feature!

 

[wifiburger]

Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.

if that's your concern, the Ryzen master DLL is already running if you have RyzenMaster installed (check Autoruns -Sysinternal tool under Drivers section)

there's no safety checks for writing bios settings on AMD; any malicious software could technically do it and if the DLL is not there it can get loaded

 

[Why_Me]

I'm sure AMD will fix it soon enough.

Like they did with their USB ports?

 

[Deleted member 431422]

Having this ability seems like a bad idea. If a simple driver can alter the bios settings, this could be used by malicious 3rd party driver to wreak havoc on a system if they decided it was fun.

... and he'd what. Make the system crash? Unless one of the safety mechanisms is faulty the PC would freeze or shutdown. Phishing or ransomware is much more dangerous. CPU/mobo you can replace. Your life's savings... not so much.

 

[Deleted member 431422]

AMD has confirmed to Tom's Hardware that a bug in its Adrenalin GPU drivers is causing changes to CPU settings in the BIOS, which results in the CPU being overclocked without the user's permission.

AMD Confirms Its GPU Drivers Are Overclocking CPUs Without Asking : Read more

That was fast. Luckily we will have new adrenaline driver with a fix, soon.

 

[B-Bus-Ch]

I'm not managing my CPUs overclock and am having zero stability issues for the last year while updating Adrenaline each time, while using both an AMD processor and GPU.

 

[TJ Hooker]

if that's your concern, the Ryzen master DLL is already running if you have RyzenMaster installed (check Autoruns -Sysinternal tool under Drivers section)

there's no safety checks for writing bios settings on AMD; any malicious software could technically do it and if the DLL is not there it can get loaded

Even if this is true (and I have no idea if it is), I'm going to assume that the malicious software would need administrative privileges to do that. And if you have malware running with admin privileges then you're already screwed, regardless of whether it can modify BIOS settings.

 

[JamesJones44]

if that's your concern, the Ryzen master DLL is already running if you have RyzenMaster installed (check Autoruns -Sysinternal tool under Drivers section)

there's no safety checks for writing bios settings on AMD; any malicious software could technically do it and if the DLL is not there it can get loaded

That's even worse, loading and calling a DLL at runtime is trivial, someone with no coding experience could do that with simple StackOverflow searches.

 

[Giroro]

Except that's precisely what RyzenMaster was created to do. And as well the Radeon Settings app...and Nvidia's control panel...have been doing the same for GPU's for a long, long time.

Ryzen Master didn't used to have the ability to change the actual BIOS. It would just run the overclock in Windows, similar to Afterburner.
It would take priority over the BIOS settings once Windows booted, but it couldn't change them.

 

[Alvar "Miles" Udell]

The biggest problem would be to people like me who both overclock and undervolt. I run my 3700X at 4.2ghz 1.2v, even PBO with max settings doesn't even hit 4.1ghz all core speed using -a lot- more voltage.

 

[Giroro]

How is it possible for an app running in Windows to have control over the BIOS? Windows itself should not be allowed that level of access to the hardware, and it is extremely troubling if it does. Your BIOS is embedded in the motherboard and runs independently of the OS, and it is very important for it to stay that way.

If a Windows app can make these changes, then what exactly is supposed to be stopping a virus from flashing itself permanently into the motherboard?
What is preventing Windows from, for example, forcing your motherboard to brick itself if you try to install linux? It should be fundamentally impossible for any OS to be allowed that level of control over your hardware.

 

[hotaru.hino]

How is it possible for an app running in Windows to have control over the BIOS? Windows itself should not be allowed that level of access to the hardware, and it is extremely troubling if it does. Your BIOS is embedded in the motherboard and runs independently of the OS, and it is very important for it to stay that way.

If a Windows app can make these changes, then what exactly is supposed to be stopping a virus from flashing itself permanently into the motherboard?
What is preventing Windows from, for example, forcing your motherboard to brick itself if you try to install linux? It should be fundamentally impossible for any OS to be allowed that level of control over your hardware.

Every OS allows you to directly update the firmware from it. I get occasional firmware updates for my laptop from ASUS through Windows update and firmware updates from Dell for my XPS 13 from Ubuntu's apt repo. You can't expect everyone to be able to update their firmware by sticking it on a thumb drive, going into the firmware settings, and updating from there. Especially in a corporate setting when people don't normally have access to the motherboard firmware and IT can't access the computer unless an OS is running. And you can't expect people to turn in their computers for a firmware update since that means downtime.

The only thing that's preventing something wrong from happening is it requires admin privileges to do this. Which you know, I hope you're not blindly clicking OK on the UAC prompt every time it comes up.

EDIT: Additionally digital signatures make it hard for people to spoof the firmware. This is why Microsoft has been pushing the TPM requirement hard. So even if you uploaded malicious firmware, if it doesn't have the right digital signature, the computer's going to fail to boot.

And hopefully there's a back-up on the motherboard it can fall back to.

 

[drea.drechsler]

.... I hope you're not blindly clicking OK on the UAC prompt every time it comes up.

LOL...Yes, I think many of us do! Pavlovian conditioning being what it is. That why it's gets to be increasingly worthless when more and more of what you do requires a UAC click-through.

 

[drea.drechsler]

Ryzen Master didn't used to have the ability to change the actual BIOS. It would just run the overclock in Windows, similar to Afterburner.
It would take priority over the BIOS settings once Windows booted, but it couldn't change them.

That's also what I thought made the original RM behavior so good too...if your OC demonstration went south it would ALWAYS restart in stock, "safe", settings because the BIOS wasn't changed.

 

[hotaru.hino]

LOL...Yes, I think many of us do! Pavlovian conditioning being what it is. That why it's gets to be increasingly worthless when more and more of what you do requires a UAC click-through.

I wish Microsoft would update to what macOS and Linux do: require you to enter a password. Then it slows you down and you'll think why you're getting that prompt.

But running as a Standard User account does the trick just fine.

 

[drea.drechsler]

I wish Microsoft would update to what macOS and Linux do: require you to enter a password. Then it slows you down and you'll think why you're getting that prompt.

But running as a Standard User account does the trick just fine.

I've tried running as a bog-standard User account... can't stand it. I realize I like fiddling with things too often. It's my machine, I know how to flatten the OS and fresh install if I go too far so I'll deal with it. I'm way more likely to just completely disable UAC than do that now.

I'd be a lot different about that if running a network server or shared machine with several user accounts who also use it.

 

[hotaru.hino]

I've tried running as a bog-standard User account... can't stand it. I realize I like fiddling with things too often. It's my machine, I know how to flatten the OS and fresh install if I go too far so I'll deal with it. I'm way more likely to just completely disable UAC than do that now.

Man all this security is just getting in the way of muh performance.

 

[alceryes]

Hmmm. Is it actually a bug or is it AMD's sneaky way of getting more performance for some while causing instability for others.
Whoops, forgot I had this on. [takes off tinfoil hat]

 

[alceryes]

Man all this security is just getting in the way of muh performance.

You can actually turn off the software-side protections for a conditional small performance gain.
https://www.grc.com/inspectre.htm

 

[peterf28]

Should I buy Intel or AMD ?

 

[drivinfast247]

Should I buy Intel or AMD ?

For?