Anyone using a computer that runs AMD Ryzen hardware needs to apply the latest driver updates to secure their computer systems. Last month, AMD launched a driver to patch a critical security flaw without mentioning which vulnerability the patch was meant to address. However, a recent report published by security researchers disclosed a significant vulnerability in the driver.
If attackers exploited the vulnerability, they could steal sensitive information from Ryzen computers, including passwords. The vulnerability impacts all Ryzen processors and several previous generations of AMD hardware. The vulnerability is in the Platform Security Processor (PSP) chipset driver and is tracked under CVE-2021-26333.
The PSP is an important part of the computer that works in conjunction with the OS to store sensitive data using secured memory sections. It’s only supposed to be accessible to administrators, but the recently published report found that non-privileged users could leverage an exploit in the driver to gain access to the information. The report was published by security research firm ZeroPeril.
Initially, AMD said the vulnerability was only an issue for systems running the Ryzen 1000 series processors. However, the report found that all desktop and mobile Ryzen hardware was vulnerable. AMD did update the security disclosure in light of the report.
It’s important to understand that the vulnerability is in the motherboard chipset. That means any computer user running an AMD graphics card but isn’t using an AMD processor doesn’t have to worry about this particular vulnerability. Researchers at ZeroPeril were able to leverage the vulnerability to leak multiple gigabytes of data. The exploits not only allow access to sensitive data but can also provide attackers with additional access to network resources. The good news is AMD already has a new PSP chipset driver (126.96.36.199) that launched last week.