AMD issues warning about CPU vulnerability and releases a chipset patch

Security researchers have discovered a vulnerability in the AMD Platform Security Processor (PSP) chipset driver for multiple CPU architectures. Tracked as CVE-2021-26333, the security flaw is comparable with the likes of Spectre and Meltdown.

The vulnerability, found by ZeroPeril Ltd, can be exploited to grab data such as password from memory, and it affects a wide range of AMD processors. AMD has issued a patch which users are advised to install as soon as possible.

See also:

The security issue has been assigned a medium severity rating, and it is summarized by AMD as: "Low privileged malicious users may be able to access and leak data through the AMD Chipset Driver".

The full description for CVE-2021-26333 reads:

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver.  The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.

The company has offered some simple advice to anyone with an affected product:

AMD recommends updating to AMD PSP driver 5.17.0.0 through Windows Update or by updating to AMD Chipset Driver 3.08.17.735.

Here’s the full list of affected products:

  • 2nd Gen AMD Ryzen Mobile Processor with Radeon Graphics 
  • 2nd Gen AMD Ryzen Threadripper processor
  • 3rd Gen AMD Ryzen™ Threadripper™ Processors
  • 6th Generation AMD A series CPU with Radeon™ Graphics
  • 6th Generation AMD A-Series Mobile Processor  
  • 6th Generation AMD FX APU with Radeon™ R7 Graphics 
  • 7th Generation AMD A-Series APUs
  • 7th Generation AMD A-Series Mobile Processor  
  • 7th Generation AMD E-Series Mobile Processor
  • AMD A4-Series APU with Radeon Graphics 
  • AMD A6 APU with Radeon R5 Graphics
  • AMD A8 APU with Radeon R6 Graphics
  • AMD A10 APU with Radeon R6 Graphics
  • AMD 3000 Series Mobile Processors with Radeon™ Graphics 
  • AMD Athlon 3000 Series Mobile Processors with Radeon™ Graphics  
  • AMD Athlon Mobile Processors with Radeon™ Graphics 
  • AMD Athlon X4 Processor
  • AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics 
  • AMD Athlon™ X4 Processor
  • AMD E1-Series APU with Radeon Graphics
  • AMD Ryzen™ 1000 series Processor
  • AMD Ryzen™ 2000 series Desktop Processor
  • AMD Ryzen™ 2000 series Mobile Processor  
  • AMD Ryzen™ 3000 Series Desktop Processor
  • AMD Ryzen™ 3000 series Mobile Processor with  Radeon™ Graphics  
  • AMD Ryzen™ 3000 series Mobile Processor 
  • AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
  • AMD Ryzen™ 5000 Series Desktop Processor
  • AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics 
  • AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
  • AMD Ryzen™ Threadripper™ PRO Processor
  • AMD Ryzen™ Threadripper™ Processor

ZeroPeril's report is available here (PDF).

Image credit: Faiz Zaki/Shutterstock

2 Responses to AMD issues warning about CPU vulnerability and releases a chipset patch

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.