Patch this AMD CPU vulnerability now, users warned

Ryzen Threadripper CPU Sitting On Top Of Product Box
(Image credit: Future)

Cybersecurity researchers have discovered an AMD chipset driver vulnerability that can be exploited to dump system memory and steal sensitive information.

The security researchers first discovered the flaw with Ryzen 2000- and 3000-series platforms, while AMD initially only listed Ryzen 1000 and older processors in its advisory. 

Tom’s Hardware raised the discrepancy, noted by the researchers in their report as well, and AMD has since updated its advisory to suggest that the issue affects its entire modern consumer processor lineup as well as several older models. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

The good news is that AMD has patched the vulnerability, and the updates were shipped through Microsoft’s September Patch Tuesday bundle. 

Patch immediately

Tracked as CVE-2021-26333 the vulnerability resides in the driver for AMD Platform Security Processor (PSP), which helps enable the operating system to process sensitive information inside cryptographically-secured portions of memory.

According to The Record, Windows relies on the amdsps.sys driver to make use of the PSP feature. The researchers were able to compromise this driver to download several gigabytes of sensitive data as a non-admin user. 

Additionally, parsing through the detailed report, Tom’s Hardware notes that the researchers argue that the data obtained from exploiting the vulnerability could help attackers circumvent mitigations for exploits such as Spectre and Meltdown.

Interestingly, AMD had reportedly already issued the patch several weeks ago, without sharing details about the issue until now.

Via Tom’s Hardware

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.