AMD announced that Windows users should immediately update their operating systems because a dangerous vulnerability was discovered in one of the CPU drivers.
The vulnerability could be exploited to dump system memory and steal sensitive information from computers using AMD chips.
Vulnerability CVE-2021-26333 was discovered by Kyriakos Oikonomou, co-founder of the security company ZeroPeril, and is in the driver of the AMD Platform Security Processor (PSP), which is the equivalent of AMD for Intel SGX technology.
It is also known as a trusted execution environment (TEE from the trusted execution environment). AMD PSP creates secure pockets within AMD processors that allow the operating system to process sensitive information within encrypted memory.
To interact with the pockets, the Windows operating system uses a kernel driver called amdsps.sys.
But a publication by Oikonomou on Wednesday, revealed two problems in this driver that allow a non-administrator user to dump the system memory and search for sensitive information that the operating system handles.
So on Tuesday, as Microsoft released the standard updates via Patch Tuesday, AMD officially released the vulnerability, urging anyone interested to apply the updates they contained and the AMD Chipset Driver updates.
AMD recommends updating to AMD PSP driver 5.17.0.0 through Windows Update or by updating to AMD Chipset Driver 3.08.17.735.
The company said that the following products are affected by the vulnerability, and those who use them should inform immediately:
- AMD FX APU 6th generation with Radeon ™ R7 Graphics
- AMD A10 APU with Radeon R6 Graphics
- AMD A8 APU with Radeon R6 Graphics
- AMD A6 APU with Radeon R5 Graphics
- AMD A4-Series APU with Radeon Graphics
- AMD Athlon ™ X4 Processor
- AMD E1-Series APU with Radeon Graphics
- AMD Ryzen ™ 1000 series Processor