AMD released a new chipset driver in August that patched “critical security flaws,” but it didn’t mention which vulnerabilities the patch worked for. In a report published last week, cybersecurity researchers disclosed a vulnerability in the driver that would allow attackers to steal sensitive information like passwords, and it impacts all Ryzen processors, as well as several previous AMD generations.
The vulnerability (CVE-2021-26333) exists in AMD’s Platform Security Processor (PSP) chipset driver. The PSP works with the operating system to store sensitive information in secured parts of memory, and it’s usually only accessible by administrators.
Kyriakos Economou, co-founder of security research firm ZeroPeril, published a report last week that said non-privileged users could exploit the driver to access the sensitive information stored in memory, according to The Record. Originally, AMD listed the vulnerability as only affecting Ryzen 1000 processors. The report says that all desktop and mobile Ryzen processors are affected, and AMD has updated its security disclosure since.
The attack focuses in the motherboard chipset, so it doesn’t apply if you have an AMD graphics card without an AMD processor (though another security flaw is posing a risk to AMD cards at the moment).
According to the report, Economou was able to leak “several gigabytes” of data. The exploit also allows attackers to get around mitigations like kernel address space layout randomization (KASLR), which protect against attacks that exploit a known address for the kernel. With these exploits, attackers can steal sensitive information like passwords and gain deeper permissions in a network.
Although scary, AMD has already patched the vulnerability with a new PSP chipset driver, which rolled out last week through Microsoft’s September Patch Tuesday. Read on learn how to update your drivers to make sure you have the latest version.
How to protect yourself
The latest version of the AMD PSP driver is 5.17.0.0, which is part of AMD Chipset Driver 3.08.17.735. You can install the driver manually, but it’s available now through Windows Update. To patch, press Windows Key + S, type “update,” and select Check for Updates. That will bring you to the Windows Update page.
Then select Check for Updates and install any that are available. After that’s done, make sure to restart your computer to apply the new patches. Alternatively, you can download AMD’s auto-detect tool to install the latest Ryzen chipset drivers to your system. If you go this route, make sure to know your motherboard’s chipset and be certain that AMD PSP Driver is checked during the chipset driver installation.
If you arrive at Windows Update and don’t see anything, you can check to see if you have the latest chipset driver installed. Press Windows Key + X and select Device Manager. Expand the Security Devices list, right-click on AMD PSP, and select Properties. In the window that opens, select the Driver tab to view your driver version.
The secure version is 5.17.0.0, so you’ll need to update if your driver version is different. Although the vulnerability is mainly focused on recent Ryzen processors, it actually affects many generations of AMD CPUs. Here’s the full list:
- 2nd Gen AMD Ryzen Mobile Processor with Radeon Graphics
- 2nd Gen AMD Ryzen Threadripper processor
- 3rd Gen AMD Ryzen Threadripper Processors
- 6th Generation AMD A series CPU with Radeon Graphics
- 6th Generation AMD A-Series Mobile Processor
- 6th Generation AMD FX APU with Radeon R7 Graphics
- 7th Generation AMD A-Series APUs
- 7th Generation AMD A-Series Mobile Processor
- 7th Generation AMD E-Series Mobile Processor
- AMD A4-Series APU with Radeon Graphics
- AMD A6 APU with Radeon R5 Graphics
- AMD A8 APU with Radeon R6 Graphics
- AMD A10 APU with Radeon R6 Graphics
- AMD 3000 Series Mobile Processors with Radeon Graphics
- AMD Athlon 3000 Series Mobile Processors with Radeon Graphics
- AMD Athlon Mobile Processors with Radeon Graphics
- AMD Athlon X4 Processor
- AMD Athlon 3000 Series Mobile Processors with Radeon Graphics
- AMD Athlon X4 Processor
- AMD E1-Series APU with Radeon Graphics
- AMD Ryzen 1000 series Processor
- AMD Ryzen 2000 series Desktop Processor
- AMD Ryzen 2000 series Mobile Processor
- AMD Ryzen 3000 Series Desktop Processor
- AMD Ryzen 3000 series Mobile Processor with Radeon Graphics
- AMD Ryzen 3000 series Mobile Processor
- AMD Ryzen 4000 Series Desktop Processor with Radeon Graphics
- AMD Ryzen 5000 Series Desktop Processor
- AMD Ryzen 5000 Series Desktop Processor with Radeon Graphics
- AMD Ryzen 5000 Series Mobile Processors with Radeon Graphics
- AMD Ryzen Threadripper PRO Processor
- AMD Ryzen Threadripper Processor