The security researchers first discovered the flaw with Ryzen 2000- and 3000-series platforms, while AMD initially only listed Ryzen 1000 and older processors in its advisory.
Tom’s Hardware raised the discrepancy, noted by the researchers in their report as well, and AMD has since updated its advisory to suggest that the issue affects its entire modern consumer processor lineup as well as several older models.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- Protect your devices with these best antivirus software (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
- These are the best ransomware protection tools (opens in new tab)
The good news is that AMD has patched the vulnerability, and the updates were shipped through Microsoft’s September Patch Tuesday (opens in new tab) bundle.
Tracked as CVE-2021-26333 the vulnerability resides in the driver for AMD Platform Security Processor (PSP) (opens in new tab), which helps enable the operating system to process sensitive information inside cryptographically-secured portions of memory.
According to The Record (opens in new tab), Windows relies on the amdsps.sys driver to make use of the PSP feature. The researchers were able to compromise this driver to download several gigabytes of sensitive data as a non-admin user.
Additionally, parsing through the detailed report, Tom’s Hardware notes that the researchers argue that the data obtained from exploiting the vulnerability could help attackers circumvent mitigations for exploits such as Spectre and Meltdown (opens in new tab).
Interestingly, AMD had reportedly already issued the patch several weeks ago, without sharing details (opens in new tab) about the issue until now.
- These are the best endpoint protection tools (opens in new tab)
Via Tom’s Hardware (opens in new tab)