CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.

Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.

The vulnerability is an information disclosure issue, an attacker can trigger it by sending requests to the driver resulting in a potential data leak from uninitialized physical pages.

The flaw was reported by Kyriakos Economou from ZeroPeril.

“We recently discovered a critical information disclosure vulnerability that affected the AMD Platform Security Processor (PSP) chipset driver for multiple CPU architectures.” reads the security advisory. “The vulnerability allowed non-privileged users to read uninitialised physical memory pages, where the original data was either moved or paged out.”

ZeroPeril has discovered two issues in the amdpsp.sys (v4.13.0.0) kernel driver module that ships with AMD Chipset Drivers package for multiple AMD chipsets. The second issue reported by ZeroPeril is a memory leak type bug.

AMD has released PSP driver version 3.08.17.735 to fix both issues, the AMD Chipset Drivers package for the following AMD chipsets have been impacted

• B350
• A320
• X370
• X399
• B450
• X470
• X570
• B550
• A520
• TRX40
• WRX80

“During our tests we managed to leak several gigabytes of uninitialized physical pages by allocating and freeing blocks of 100 allocations continuously until the system was not able to return a contiguous physical page buffer. The contents of those physical pages varied from kernel objects and arbitrary pool addresses that can be used to circumvent exploitation mitigations such as KASLR, and even registry key mappings of \Registry\Machine\SAM containing NTLM hashes of user authentication credentials that can be used in subsequent attack stages.” reads the advisory published by the security firm. “For example, these can be used to steal credentials of a user with administrative privilege and/or be used in pass-the-hash style attacks to gain further access inside a network”

AMD also published its own advisory about this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2021-26333)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.