Kyriakos Oikonomou discovered a vulnerability in AMD drivers

AMD announced that Windows users should immediately update their operating systems because a dangerous vulnerability was discovered in one of the CPU drivers.

The vulnerability could be exploited to dump system memory and steal sensitive information from computers using AMD chips.

amd ryzen 7

Vulnerability CVE-2021-26333 was discovered by Kyriakos Oikonomou, co-founder of the security company ZeroPeril, and is in the driver of the AMD Platform Security Processor (PSP), which is the equivalent of AMD for Intel SGX technology.

It is also known as a trusted execution environment (TEE from the trusted execution environment). AMD PSP creates secure pockets within AMD processors that allow the operating system to process sensitive information within encrypted memory.

To interact with the pockets, the Windows operating system uses a kernel driver called amdsps.sys.

But a publication by Oikonomou on Wednesday, revealed two problems in this driver that allow a non-administrator user to dump the system memory and search for sensitive information that the operating system handles.

So on Tuesday, as Microsoft released the standard updates via Patch Tuesday, AMD officially released the vulnerability, urging anyone interested to apply the updates they contained and the AMD Chipset Driver updates.

AMD recommends updating to AMD PSP driver 5.17.0.0 through Windows Update or by updating to AMD Chipset Driver 3.08.17.735.

The company said that the following products are affected by the vulnerability, and those who use them should inform immediately:

  • AMD FX APU 6th generation with Radeon ™ R7 Graphics
  • AMD A10 APU with Radeon R6 Graphics
  • AMD A8 APU with Radeon R6 Graphics
  • AMD A6 APU with Radeon R5 Graphics
  • AMD A4-Series APU with Radeon Graphics
  • AMD Athlon ™ X4 Processor
  • AMD E1-Series APU with Radeon Graphics
  • AMD Ryzen ™ 1000 series Processor

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















CVE-2021-26333, amd, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).