Millions of AMD PCs affected by new CPU driver flaw need to be patched ASAP

nanoguy

Posts: 967   +14
Staff member
In brief: After finding several security flaws in Intel's System Guard Extensions (SGX), security researchers have now revealed a flaw in AMD's Platform Security Processor (PSP) chipset driver that makes it easy for attackers to steal sensitive data from Ryzen-powered systems. On the upside, there's already patches available from both Microsoft and AMD to shut the exploit.

Recently, AMD disclosed a vulnerability in the AMD Platform Security Processor (PSP) chipset driver that allows malicious actors to dump memory pages and exact sensitive information such as passwords and storage decryption keys.

The flaw is tracked under CVE-2021-26333 and is considered medium severity. It affects a wide range of AMD-powered systems, with all Ryzen desktop, mobile, and workstation CPUs being affected. Additionally, PCs equipped with a 6th and 7th generation AMD A-series APU or modern Athlon processors are vulnerable to the same attack.

Security researcher Kyriakos Economou over at ZeroPeril discovered the flaw back in April. His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges. At the same time, this attack method can bypass exploitation mitigations like kernel address space layout randomization (KASLR).

The good news is there are patches available for this flaw. One way to ensure you get them is to download the latest AMD chipset drivers from TechSpot Drivers page or AMD's own website. The driver was released a month ago, but at the time AMD chose not to fully disclose the security fixes contained in the release.

Another way to ensure your system is patched against this issue is to install Microsoft's latest Patch Tuesday update. Before you do so, however, keep in mind that it will likely break network printing. For an in-depth read about the security flaw discovered by Kyriakos Economou, take a look here.

Permalink to story.

 

nnguy2

Posts: 310   +612
"His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges."

I don't think I have to worry too much about this one.
 
Last edited:

HardReset

Posts: 1,262   +924
Does the patch affect performance?
Seems to be simple bug to be fixed without performance penalties.

"His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges."

I don't think I have to worry too much about this one.
Low privileges = non admin...
 

Irata

Posts: 1,714   +2,867
"His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges."

I don't think I have to worry too much about this one.
On your home PC probably not, for office type systems definitely.

The question is if this can be exploited remotely when a low privilege user is logged on locally - there are people who have two users - low privilege for lower risk everyday use and admin when they need to make changes / install something.

 

Irata

Posts: 1,714   +2,867
Quick question / comment: Looking at the detailed issue description, this neither seems to be a CPU or hardware bug but rather a software (chipset driver) issue.

ZeroPeril Ltd has discovered two issues inside the amdpsp.sys (v4.13.0.0) kernel driver module that ships the AMD Chipset Drivers package for multiple AMD chipsets
 

Squid Surprise

Posts: 4,231   +3,438
"Another way to ensure your system is patched against this issue is to install Microsoft's latest Patch Tuesday update. Before you do so, however, keep in mind that it will likely break network printing."

Maybe change "likely" to "possibly"... it's not that likely at all...
 

Ludak021

Posts: 545   +394
Ah, Intel all over again. Now that AMD is #1 en masse "security firms" turn their head from Intel to AMD and miraculously find exploits that cannot be used, but do affect the products marketing and image so they demand a payout or they release this information to public.

They didn't receive the payout.
 

Irata

Posts: 1,714   +2,867
Ah, Intel all over again. Now that AMD is #1 en masse "security firms" turn their head from Intel to AMD and miraculously find exploits that cannot be used, but do affect the products marketing and image so they demand a payout or they release this information to public.

They didn't receive the payout.

I actually think it‘s very good researcher caught this driver / software issue. That way it was fixed.

What I do mind is media misrepresenting this as a CPU hardware issue.
 

brucek

Posts: 893   +1,293
Ah, Intel all over again. Now that AMD is #1 en masse "security firms" turn their head from Intel to AMD and miraculously find exploits that cannot be used, but do affect the products marketing and image so they demand a payout or they release this information to public.

They didn't receive the payout.
Given they waited five months until after patches were widely available, it does not sound like they were looking to extort anyone.

If they were a blackhat sort of firm they would have sold the exploit or threatened to leak it in April before there was a fix ready.
 

nodfor

Posts: 106   +182
Ah, Intel all over again. Now that AMD is #1 en masse "security firms" turn their head from Intel to AMD and miraculously find exploits that cannot be used, but do affect the products marketing and image so they demand a payout or they release this information to public.

They didn't receive the payout.
Heavy accusations with nothing to back them up. If you bothered to check the links you would see the following in the AMD page
<<Acknowledgement

AMD thanks Kyriakos Economou from ZeroPeril Ltd for reporting this issue and engaging in coordinated vulnerability disclosure.>>
 

Avro Arrow

Posts: 1,800   +2,152
TechSpot Elite
Oh Christ....

Well, I better go and get it before someone saps my "millions of dollars". :laughing:

I just hope that I remember to actually install the new chipset driver.
 

Dimitrios

Posts: 899   +675
Anyone had force updates with Windows 10? 1-3 days ago I had an update and chose to ignore it well when I went to bed I woke up and turned my PC on and it started the update by itself! I had this issue in the past. Really makes me mad that if you ignore the update the next few times to turn your PC on it does it forcefully.
 

Ludak021

Posts: 545   +394
Given they waited five months until after patches were widely available, it does not sound like they were looking to extort anyone.

If they were a blackhat sort of firm they would have sold the exploit or threatened to leak it in April before there was a fix ready.
It's not extortion. The deal is, afaik, if an entity finds a flaw, they report it to company that has the said flaw, and they don't repot the findings for some time, usually 6 months. If no action is taken by the said company, the entity then proceeds to make information publicly available, since public deserves to know, one way or the other.
I am talking about the potential security issues or bugs end user might experience.

I know these security flaws are b$ at best and a paraplegic unable to defend his computer physically from the hacker at the worst.
Still, it is what it is. A sh show. It was for Intel, it will be for AMD.

PS. I am not disagreeing with you. :)
 

m3tavision

Posts: 683   +449
Holy Cow... according to Techspot, if you dont get the chipset patch, your CPU is liable to melt..!

Patch Immediately per Techspot..! (Even though most users already have)
 

Ludak021

Posts: 545   +394
Heavy accusations with nothing to back them up. If you bothered to check the links you would see the following in the AMD page
<<Acknowledgement

AMD thanks Kyriakos Economou from ZeroPeril Ltd for reporting this issue and engaging in coordinated vulnerability disclosure.>>
I CAN back them up, I just don't care. Not my job.
Can you stand up for the claims that were made by AMD? I wouldn't. They are lying sacks of sh . They all are, they are companies, they lie, they sell, they cheat.
 

geogan

Posts: 21   +14
Is there some software I can install on my PC to regularly check and inform me that some AMD firmware/software update is available (for my X570 5950X system) ?

Every few months I think that probably some chipset driver or something is out-of-date but I don't really know of easy AMD software to tell me. Do I have to keep going to support page and downloading newest "radeon-software" executable? I don't have an AMD GPU.