Millions of AMD CPU-based computers are currently at risk because of the new PSP (Platform Security Processor) vulnerability. What models are affected?
AMD-based CPUs are currently in trouble after security experts discovered a new vulnerability that could lead to massive user data leaks. Researchers are now urging consumers to download the latest patches offered by the giant tech manufacturer to avoid possible malicious campaigns.
After finding several security flaws in Intel’s System Guard Extensions (SGX), security researchers have now revealed a flaw in the company’s PSP or Platform Security Processor chipset driver.
Involved cybersecurity experts confirmed that the new system vulnerability is quite serious since it could allow attackers to easily acquire sensitive data from the Ryzen-powered systems. To prevent a massive consumer detail leakage, AMD decided to release fixes, which are currently available for both Microsoft and the company’s CPUs.
Millions of Computers are Now At Risk
Recently, AMD disclosed a vulnerability in the AMD Platform Security Processor (PSP) chipset driver that allows malicious actors to dump memory pages and exact sensitive information such as passwords and storage decryption keys.
The flaw is tracked under CVE-2021-26333 and is considered medium severity. It affects a wide range of AMD-powered systems, with all Ryzen desktop, mobile, and workstation CPUs being affected. Additionally, PCs equipped with 6th and 7th generation A-series APU or modern Athlon processors are vulnerable to the same attack.
The team of security experts, which involves one of the ZeroPeril researchers, Kyriakos Economou, said that the AMD CPU flaw was first discovered back in April. They were able to test a proof-of-concept exploit on several systems and found it relatively easy to leak several gigabytes of uninitialized physical memory pages when logged in as a user with low privileges. At the same time, this attack method can bypass exploitation mitigations like kernel address space layout randomization (KASLR).
On the other hand, the giant tech manufacturer also released a blog post to confirm the new system vulnerability, saying that “An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.”
Meanwhile, here is the full list of the affected CPU models of the giant tech firm:
- 2nd Gen Ryzen Mobile Processor with Radeon Graphics
- 2nd Gen Ryzen Threadripper processor
- 3rd Gen Ryzen™ Threadripper™ Processors
- 6th Generation A-series CPU with Radeon™ Graphics
- 6th Generation A-Series Mobile Processor
- 6th Generation FX APU with Radeon™ R7 Graphics
- 7th Generation A-Series APUs
- 7th Generation A-Series Mobile Processor
- 7th Generation E-Series Mobile Processor
- A4-Series APU with Radeon Graphics
- A6 APU with Radeon R5 Graphics
- A8 APU with Radeon R6 Graphics
- A10 APU with Radeon R6 Graphics
- 3000 Series Mobile Processors with Radeon™ Graphics
- Athlon 3000 Series Mobile Processors with Radeon™ Graphics
- Athlon Mobile Processors with Radeon™ Graphics
- Athlon X4 Processor
- Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
- Athlon™ X4 Processor
- E1-Series APU with Radeon Graphics
- Ryzen™ 1000 series Processor
- Ryzen™ 2000 series Desktop Processor
- Ryzen™ 2000 series Mobile Processor
- Ryzen™ 3000 Series Desktop Processor
- Ryzen™ 3000 series Mobile Processor with Radeon™ Graphics
- Ryzen™ 3000 series Mobile Processor
- Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
- Ryzen™ 5000 Series Desktop Processor
- Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
- Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
- Ryzen™ Threadripper™ PRO Processor
- Ryzen™ Threadripper™ Processor