AMD announced that Windows users should immediately update their operating systems because a dangerous vulnerability was discovered in one of the CPU drivers.
The vulnerability could be exploited to dump system memory and steal sensitive information from computers using AMD chips.
Vulnerability CVE-2021-26333 discovered by Kyriakos Oikonomou, co-founder of security company ZeroPeril, and found in the driver (driver) of the AMD Platform Security Processor (PSP), which is AMD's equivalent of Intel's SGX technology.
It is also known as trusted execution environment (TEE from trusted execution environment). AMD PSP creates secure pockets within AMD processors that allow the operating system to process sensitive information within a cryptographically secured memory.
To interact with the pockets, the Windows operating system uses a kernel driver called amdsps.sys.
But a publication by Oikonomou on Wednesday, revealed two problems in this driver that allow a non-administrator user to dump the system memory and search for sensitive information that the operating system handles.
So on Tuesday, as the Microsoft released the established updates via Patch Tuesday, AMD has officially published the vulnerability now, and urged all concerned to apply the updates they contained and the AMD Chipset Driver updates.
AMD recommends updating to AMD PSP driver 5.17.0.0 through Windows Update or by updating to AMD Chipset Driver 3.08.17.735.
The company reported that the following products affected by the vulnerability, and those using them should immediately notify:
- AMD FX APU 6th generation with Radeon ™ R7 Graphics
- AMD A10 APU with Radeon R6 Graphics
- AMD A8 APU with Radeon R6 Graphics
- AMD A6 APU with Radeon R5 Graphics
- AMD A4-Series APU with Radeon Graphics
- AMD Athlon ™ X4 Processor
- AMD E1-Series APU with Radeon Graphics
- AMD Ryzen ™ 1000 series Processor