In brief: After finding several security flaws in Intel’s System Guard Extensions (SGX), security researchers have now revealed a flaw in AMD’s Platform Security Processor (PSP) chipset driver that makes it easy for attackers to seal sensitive data from Ryzen-powered systems. On the upside, there’s already patches available from both Microsoft and AMD to shut the exploit.
Recently, AMD disclosed a vulnerability in the AMD Platform Security Processor (PSP) chipset driver that allows malicious actors to dump memory pages and exact sensitive information such as passwords and storage decryption keys.
The flaw is tracked under CVE-2021-26333 and is considered medium severity. It affects a wide range of AMD-powered systems, with all Ryzen desktop, mobile, and workstation CPUs being affected. Additionally, PCs equipped with a 6th and 7th generation AMD A-series APU or modern Athlon processors are vulnerable to the same attack.
Security researcher Kyriakos Economou over at ZeroPeril discovered the flaw back in April. His team tested a proof-of-concept exploit on several AMD systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges. At the same time, this attack method can bypass exploitation mitigations like kernel address space layout randomization (KASLR).
The good news is there are patches available for this flaw. One way to ensure you get them is to download the latest AMD chipset drivers from TechSpot Drivers page or AMD’s own website. The driver was released a month ago, but at the time AMD chose not to fully disclose the security fixes contained in the release.
Another way to ensure your system is patched against this issue is to install Microsoft’s latest Patch Tuesday update. Before you do so, however, keep in mind that it will likely break network printing. For an in-depth read about the security flaw discovered by Kyriakos Economou, take a look here.