AMD issues warning about CPU vulnerability and releases a chipset patch
Security researchers have discovered a vulnerability in the AMD Platform Security Processor (PSP) chipset driver for multiple CPU architectures. Tracked as CVE-2021-26333, the security flaw is comparable with the likes of Spectre and Meltdown.
The vulnerability, found by ZeroPeril Ltd, can be exploited to grab data such as password from memory, and it affects a wide range of AMD processors. AMD has issued a patch which users are advised to install as soon as possible.
See also:
- New malware uses Windows Subsystem for Linux as an attack vector
- Microsoft even requires TPM 2.0 for Windows 11 virtual machines
- AMD releases Radeon and Ryzen drivers for Windows 11 with new overclocking options
The security issue has been assigned a medium severity rating, and it is summarized by AMD as: "Low privileged malicious users may be able to access and leak data through the AMD Chipset Driver".
The full description for CVE-2021-26333 reads:
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
The company has offered some simple advice to anyone with an affected product:
AMD recommends updating to AMD PSP driver 5.17.0.0 through Windows Update or by updating to AMD Chipset Driver 3.08.17.735.
Here’s the full list of affected products:
- 2nd Gen AMD Ryzen Mobile Processor with Radeon Graphics
- 2nd Gen AMD Ryzen Threadripper processor
- 3rd Gen AMD RyzenTM ThreadripperTM Processors
- 6th Generation AMD A series CPU with RadeonTM Graphics
- 6th Generation AMD A-Series Mobile Processor
- 6th Generation AMD FX APU with RadeonTM R7 Graphics
- 7th Generation AMD A-Series APUs
- 7th Generation AMD A-Series Mobile Processor
- 7th Generation AMD E-Series Mobile Processor
- AMD A4-Series APU with Radeon Graphics
- AMD A6 APU with Radeon R5 Graphics
- AMD A8 APU with Radeon R6 Graphics
- AMD A10 APU with Radeon R6 Graphics
- AMD 3000 Series Mobile Processors with RadeonTM Graphics
- AMD Athlon 3000 Series Mobile Processors with RadeonTM Graphics
- AMD Athlon Mobile Processors with RadeonTM Graphics
- AMD Athlon X4 Processor
- AMD AthlonTM 3000 Series Mobile Processors with RadeonTM Graphics
- AMD AthlonTM X4 Processor
- AMD E1-Series APU with Radeon Graphics
- AMD RyzenTM 1000 series Processor
- AMD RyzenTM 2000 series Desktop Processor
- AMD RyzenTM 2000 series Mobile Processor
- AMD RyzenTM 3000 Series Desktop Processor
- AMD RyzenTM 3000 series Mobile Processor with RadeonTM Graphics
- AMD RyzenTM 3000 series Mobile Processor
- AMD RyzenTM 4000 Series Desktop Processor with RadeonTM Graphics
- AMD RyzenTM 5000 Series Desktop Processor
- AMD RyzenTM 5000 Series Desktop Processor with RadeonTM Graphics
- AMD RyzenTM 5000 Series Mobile Processors with RadeonTM Graphics
- AMD RyzenTM ThreadripperTM PRO Processor
- AMD RyzenTM ThreadripperTM Processor
ZeroPeril's report is available here (PDF).
Image credit: Faiz Zaki/Shutterstock