AMD announced that Windows users should immediately update their operating systems because a dangerous vulnerability was discovered in one of the CPU drivers.
The vulnerability could be exploited to dump system memory and steal sensitive information from computers using AMD chips.
Vulnerability CVE-2021-26333 discovered by Kyriakos Oikonomou, co-founder of security company ZeroPeril, and found in the AMD Platform Security Processor (PSP) driver, which is AMD's equivalent of technology SGX by Intel.
It is also known as trusted execution environment (TEE from trusted execution environment). AMD PSP creates safe pockets inside AMD processors that allow the functional system to process sensitive information within a cryptographically secured memory.
To interact with the pockets, the Windows operating system uses a kernel driver called amdsps.sys.
But a publication by Oikonomou on Wednesday, revealed two problems in this driver that allow a non-administrator user to dump the system memory and search for sensitive information that the operating system handles.
So on Tuesday, as Microsoft rolled out established updates via Patch Tuesday, AMD made the vulnerability official now, and urged everyone concerned to apply the updates it contained and the updates for AMD chipset Drivers.
AMD recommends updating to AMD PSP driver 5.17.0.0 through Windows Update or by updating to AMD Chipset Driver 3.08.17.735.
The company said that the following products are affected by the vulnerability, and those who use them should inform immediately:
- 6th Gen AMD FX APU with Radeon™ R7 Graphics
- AMD A10 APU with Radeon R6 Graphics
- AMD A8 APU with Radeon R6 Graphics
- AMD A6 APU with Radeon R5 Graphics
- AMD A4-Series APU with Radeon Graphics
- AMD Athlon ™ X4 Processor
- AMD E1-Series APU with Radeon Graphics
- AMD Ryzen ™ 1000 series Processor
