Patch this AMD CPU vulnerability now, users warned

Ryzen Threadripper CPU Sitting On Top Of Product Box
(Image credit: Future)
Audio player loading…

Cybersecurity (opens in new tab) researchers have discovered an AMD (opens in new tab) chipset driver vulnerability that can be exploited to dump system memory and steal sensitive information.

The security researchers first discovered the flaw with Ryzen 2000- and 3000-series platforms, while AMD initially only listed Ryzen 1000 and older processors in its advisory. 

Tom’s Hardware raised the discrepancy, noted by the researchers in their report as well, and AMD has since updated its advisory to suggest that the issue affects its entire modern consumer processor lineup as well as several older models. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window (opens in new tab) <<

The good news is that AMD has patched the vulnerability, and the updates were shipped through Microsoft’s September Patch Tuesday (opens in new tab) bundle. 

Patch immediately

Tracked as CVE-2021-26333 the vulnerability resides in the driver for AMD Platform Security Processor (PSP) (opens in new tab), which helps enable the operating system to process sensitive information inside cryptographically-secured portions of memory.

According to The Record (opens in new tab), Windows relies on the amdsps.sys driver to make use of the PSP feature. The researchers were able to compromise this driver to download several gigabytes of sensitive data as a non-admin user. 

Additionally, parsing through the detailed report, Tom’s Hardware notes that the researchers argue that the data obtained from exploiting the vulnerability could help attackers circumvent mitigations for exploits such as Spectre and Meltdown (opens in new tab).

Interestingly, AMD had reportedly already issued the patch several weeks ago, without sharing details (opens in new tab) about the issue until now.

Via Tom’s Hardware (opens in new tab)

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.