CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.

Chipmaker AMD has addressed a medium severity issue in Platform Security Processor (PSP) chipset driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.

The vulnerability is an information disclosure issue, an attacker can trigger it by sending requests to the driver resulting in a potential data leak from uninitialized physical pages.

The flaw was reported by Kyriakos Economou from ZeroPeril.

“We recently discovered a critical information disclosure vulnerability that affected the AMD Platform Security Processor (PSP) chipset driver for multiple CPU architectures.” reads the security advisory. “The vulnerability allowed non-privileged users to read uninitialised physical memory pages, where the original data was either moved or paged out.”

ZeroPeril has discovered two issues in the amdpsp.sys (v4.13.0.0) kernel driver module that ships with AMD Chipset Drivers package for multiple AMD chipsets. The second issue reported by ZeroPeril is a memory leak type bug.

AMD has released PSP driver version 3.08.17.735 to fix both issues, the AMD Chipset Drivers package for the following AMD chipsets have been impacted

• B350
• A320
• X370
• X399
• B450
• X470
• X570
• B550
• A520
• TRX40
• WRX80

“During our tests we managed to leak several gigabytes of uninitialized physical pages by allocating and freeing blocks of 100 allocations continuously until the system was not able to return a contiguous physical page buffer. The contents of those physical pages varied from kernel objects and arbitrary pool addresses that can be used to circumvent exploitation mitigations such as KASLR, and even registry key mappings of \Registry\Machine\SAM containing NTLM hashes of user authentication credentials that can be used in subsequent attack stages.” reads the advisory published by the security firm. “For example, these can be used to steal credentials of a user with administrative privilege and/or be used in pass-the-hash style attacks to gain further access inside a network”

AMD also published its own advisory about this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2021-26333)

[adrotate banner=”5″]

[adrotate banner=”13″]