Millions of AMD PCs affected by new CPU driver flaw need to be patched ASAP

N

nanoguy

Posts: 1,355   +27
Staff member
In brief: After finding several security flaws in Intel's System Guard Extensions (SGX), security researchers have now revealed a flaw in AMD's Platform Security Processor (PSP) chipset driver that makes it easy for attackers to steal sensitive data from Ryzen-powered systems. On the upside, there's already patches available from both Microsoft and AMD to shut the exploit.

Recently, AMD disclosed a vulnerability in the AMD Platform Security Processor (PSP) chipset driver that allows malicious actors to dump memory pages and exact sensitive information such as passwords and storage decryption keys.

The flaw is tracked under CVE-2021-26333 and is considered medium severity. It affects a wide range of AMD-powered systems, with all Ryzen desktop, mobile, and workstation CPUs being affected. Additionally, PCs equipped with a 6th and 7th generation AMD A-series APU or modern Athlon processors are vulnerable to the same attack.

Security researcher Kyriakos Economou over at ZeroPeril discovered the flaw back in April. His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges. At the same time, this attack method can bypass exploitation mitigations like kernel address space layout randomization (KASLR).

The good news is there are patches available for this flaw. One way to ensure you get them is to download the latest AMD chipset drivers from TechSpot Drivers page or AMD's own website. The driver was released a month ago, but at the time AMD chose not to fully disclose the security fixes contained in the release.

Another way to ensure your system is patched against this issue is to install Microsoft's latest Patch Tuesday update. Before you do so, however, keep in mind that it will likely break network printing. For an in-depth read about the security flaw discovered by Kyriakos Economou, take a look here.

Permalink to story.

https://www.techspot.com/news/91322-millions-amd-pcs-affected-new-cpu-flaw-need.html

 
"His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges."

I don't think I have to worry too much about this one.
 
Last edited:
  • Like
Reactions: Avro Arrow, MWR01, Charles Olson and 3 others
Sausagemeat said:
Does the patch affect performance?
Click to expand...
Seems to be simple bug to be fixed without performance penalties.

nnguy2 said:
"His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges."

I don't think I have to worry too much about this one.
Click to expand...
Low privileges = non admin...
 
  • Like
Reactions: Avro Arrow, Charles Olson and Irata
nnguy2 said:
"His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges."

I don't think I have to worry too much about this one.
Click to expand...
On your home PC probably not, for office type systems definitely.

The question is if this can be exploited remotely when a low privilege user is logged on locally - there are people who have two users - low privilege for lower risk everyday use and admin when they need to make changes / install something.

 
  • Like
Reactions: Avro Arrow
Quick question / comment: Looking at the detailed issue description, this neither seems to be a CPU or hardware bug but rather a software (chipset driver) issue.

ZeroPeril Ltd has discovered two issues inside the amdpsp.sys (v4.13.0.0) kernel driver module that ships the AMD Chipset Drivers package for multiple AMD chipsets
Click to expand...
 
  • Like
Reactions: Avro Arrow, TechZel and BadThad
"Another way to ensure your system is patched against this issue is to install Microsoft's latest Patch Tuesday update. Before you do so, however, keep in mind that it will likely break network printing."

Maybe change "likely" to "possibly"... it's not that likely at all...
 
  • Like
Reactions: Avro Arrow and Ludak021
Ah, Intel all over again. Now that AMD is #1 en masse "security firms" turn their head from Intel to AMD and miraculously find exploits that cannot be used, but do affect the products marketing and image so they demand a payout or they release this information to public.

They didn't receive the payout.
 
  • Like
Reactions: qtbrn and Sausagemeat
Ludak021 said:
Ah, Intel all over again. Now that AMD is #1 en masse "security firms" turn their head from Intel to AMD and miraculously find exploits that cannot be used, but do affect the products marketing and image so they demand a payout or they release this information to public.

They didn't receive the payout.
Click to expand...

I actually think it‘s very good researcher caught this driver / software issue. That way it was fixed.

What I do mind is media misrepresenting this as a CPU hardware issue.
 
  • Like
Reactions: Avro Arrow, qtbrn, Sausagemeat and 5 others
Ludak021 said:
Ah, Intel all over again. Now that AMD is #1 en masse "security firms" turn their head from Intel to AMD and miraculously find exploits that cannot be used, but do affect the products marketing and image so they demand a payout or they release this information to public.

They didn't receive the payout.
Click to expand...
Given they waited five months until after patches were widely available, it does not sound like they were looking to extort anyone.

If they were a blackhat sort of firm they would have sold the exploit or threatened to leak it in April before there was a fix ready.
 
  • Like
Reactions: Avro Arrow
Ludak021 said:
Ah, Intel all over again. Now that AMD is #1 en masse "security firms" turn their head from Intel to AMD and miraculously find exploits that cannot be used, but do affect the products marketing and image so they demand a payout or they release this information to public.

They didn't receive the payout.
Click to expand...
Heavy accusations with nothing to back them up. If you bothered to check the links you would see the following in the AMD page
<<Acknowledgement

AMD thanks Kyriakos Economou from ZeroPeril Ltd for reporting this issue and engaging in coordinated vulnerability disclosure.>>
 
  • Like
Reactions: Irata and Squid Surprise
Oh Christ....

Well, I better go and get it before someone saps my "millions of dollars". :laughing:

I just hope that I remember to actually install the new chipset driver.
 
Anyone had force updates with Windows 10? 1-3 days ago I had an update and chose to ignore it well when I went to bed I woke up and turned my PC on and it started the update by itself! I had this issue in the past. Really makes me mad that if you ignore the update the next few times to turn your PC on it does it forcefully.
 
brucek said:
Given they waited five months until after patches were widely available, it does not sound like they were looking to extort anyone.

If they were a blackhat sort of firm they would have sold the exploit or threatened to leak it in April before there was a fix ready.
Click to expand...
It's not extortion. The deal is, afaik, if an entity finds a flaw, they report it to company that has the said flaw, and they don't repot the findings for some time, usually 6 months. If no action is taken by the said company, the entity then proceeds to make information publicly available, since public deserves to know, one way or the other.
I am talking about the potential security issues or bugs end user might experience.

I know these security flaws are b$ at best and a paraplegic unable to defend his computer physically from the hacker at the worst.
Still, it is what it is. A sh show. It was for Intel, it will be for AMD.

PS. I am not disagreeing with you. :)
 
Holy Cow... according to Techspot, if you dont get the chipset patch, your CPU is liable to melt..!

Patch Immediately per Techspot..! (Even though most users already have)
 
nodfor said:
Heavy accusations with nothing to back them up. If you bothered to check the links you would see the following in the AMD page
<<Acknowledgement

AMD thanks Kyriakos Economou from ZeroPeril Ltd for reporting this issue and engaging in coordinated vulnerability disclosure.>>
Click to expand...
I CAN back them up, I just don't care. Not my job.
Can you stand up for the claims that were made by AMD? I wouldn't. They are lying sacks of sh . They all are, they are companies, they lie, they sell, they cheat.
 
Is there some software I can install on my PC to regularly check and inform me that some AMD firmware/software update is available (for my X570 5950X system) ?

Every few months I think that probably some chipset driver or something is out-of-date but I don't really know of easy AMD software to tell me. Do I have to keep going to support page and downloading newest "radeon-software" executable? I don't have an AMD GPU.
 
You must log in or register to reply here.

Similar threads

A
DARPA and Northrop Grumman are exploring the concept of a lunar train and railroad system
Replies
7
Views
280
Endymio
Endymio
midian182
Government review criticizes Microsoft for security lapses in "preventable" Exchange hack
Replies
0
Views
98
midian182
midian182
midian182
Despite increasing to $16.8 million, Intel CEO Pat Gelsinger's compensation still pales in comparison to AMD's Lisa Su
Replies
9
Views
192
Silkaura
S

Latest posts

Back