AMD CPU driver bug can break KASLR, expose passwords

by chebbi abir

AMD has advised Windows users this week to update their operating systems in order to receive a patch for a dangerous vulnerability in one of its CPU chipset drivers that can be exploited to dump system memory and steal sensitive information from AMD-powered computers.

Tracked as CVE-2021-26333 and discovered by Kyriakos Economou, co-founder of security firm ZeroPeril, the vulnerability resides in the driver for  AMD Platform Security Processor (PSP), which is AMD’s equivalent for Intel’s SGX technology.

Also known as a trusted execution environment (TEE), the AMD PSP creates secure enclaves inside AMD processors that allow the operating system to process sensitive information inside cryptographically secured memory.

In order to interact with PSP enclaves, the Windows OS uses a kernel driver named amdsps.sys.

But in a report published on Wednesday, Economou said he found two issues in this driver that allows a non-admin user to dump the system memory and search for sensitive information handled by the OS.

“During our tests we managed to leak several gigabytes of uninitialized physical pages,” the ZerPeril co-founder said.

Patches available via Windows Update

Economou said they successfully tested attacks on AMD Ryzen 2000- and 3000-series CPUs before reporting the issue to the vendor earlier this year in April.

On Tuesday, as Microsoft rolled out its monthly batch of security updates known as Patch Tuesday, AMD issued its own advisory urging users to apply the updates as they also contained updates for its PSP chipset driver.

“AMD recommends updating to AMD PSP driver 5.17.0.0 through Windows Update or by updating to AMD Chipset Driver 3.08.17.735,” the company said this week.

The Santa Clara-based hardware vendor said the following AMD CPU products are affected and that users running these products will need to look into updating their systems as well.


To read the original article

https://therecord.media/amd-cpu-driver-bug-can-break-kaslr-expose-passwords/

Top

Interdit de copier  ce contenu