AMD Chipset Driver Bug Allows Bypassing KASLR And Accessing Sensitive Data

AMD engineers fixed a bug in the chipset driver, and the company advised Windows users to update systems as soon as possible, since the vulnerability could be used to dump system memory and steal confidential information from the target machine.

The vulnerability is tracked as CVE-2021-26333 and was discovered by ZeroPeril specialists. The bug is related to the operation of the Platform Security Processor (PSP), AMD's equivalent of Intel's SGX technology. AMD PSP creates secure enclaves inside AMD processors that allow the operating system to process sensitive information in cryptographically protected memory.

Windows relies on the amdsps.sys kernel driver to communicate with PSP enclaves, and researchers at ZeroPeril write that they found a number of problems with it. During testing, they were able to retrieve several gigabytes of uninitialized physical pages. The contents of those pages ranged from kernel objects to arbitrary pool addresses, and could be used to bypass KASLR and to extract NTLM hashes and user authentication credentials.

Experts successfully tested the exploitation of the CVE-2021-26333 vulnerability on AMD Ryzen 2000 and 3000 series processors before reporting the issue to the manufacturer in April this year.

When Microsoft released the patches as part of the September Patch Tuesday, AMD posted a message urging users to install the updates as soon as possible, as they also contain patches for the PSP chipset driver.

According to the company, the vulnerability threatens the following processors:

  1. 6th Gen AMD FX APU with Radeon R7 Graphics;
  2. AMD A10 APU with Radeon R6 graphics;
  3. AMD A8 APU with Radeon R6 graphics;
  4. AMD A6 APU with Radeon R5 graphics;
  5. AMD A4 Series APU with Radeon Graphics;
  6. AMD Athlon X4;
  7. AMD E1 Series APU with Radeon Graphics;
  8. AMD Ryzen 1000 Series.

AMD recommends [users] to update to AMD PSP driver via Windows Update, or update AMD Chipset Driver to version company said.

Let me remind you that we wrote that AMD Zen 3 processors are vulnerable to side-channel attacks.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
