https://www.tomshardware.com/news/amd-chipset-vulnerability-leaks-passwords

AMD Chipset Vulnerability Leaks Passwords, Patch Available

By Paul Alcorn, 17 September 2021

Apply this patch right away if you have an AMD CPU.

AMD has divulged details about a chipset vulnerability that can allow non-privileged users to read and dump some types of memory pages in Windows. This technique allows an attacker to steal passwords or enable other types of attacks, including circumventing standard KASLR exploitation (aka Spectre and Meltdown) mitigations (via TheRecord).

Word of the bug came as part of a coordinated disclosure with Kyriakos Economou, a security researcher and co-founder of ZeroPeril, who exploited the vulnerability to download several gigabytes of sensitive data from impacted AMD processors -- but as a non-admin user.

AMD has prepared mitigations that can be downloaded either as part of its latest chipset drivers or by using Windows Update to update the AMD PSP driver (details of how to update are below). AMD originally issued the patch several weeks ago, but without disclosing which vulnerabilities were addressed. This new disclosure answers those questions.

The security researcher first discovered the flaw with Ryzen 2000- and 3000-series chips, but AMD initially listed only Ryzen 1000 and older chips in its advisory.
The researcher noted the discrepancy in his report, and we followed up with AMD about the issue. AMD has since updated the page with a full list of impacted processors that spans its entire modern consumer processor lineup as well as many older models (list below).

Economou attacked two separate issues with AMD's amdsps.sys driver for its Platform Security Processor (PSP), an embedded chip that manages chip security. The vulnerability allowed the researcher to extract multiple gigabytes of uninitialized physical memory pages.

The full report goes deeper into the details of the vulnerability (PDF alert), but this passage summarizes the end result:

"During our tests we managed to leak several gigabytes of uninitialized physical pages by allocating and freeing blocks of 100 allocations continuously until the system was not able to return a contiguous physical page buffer. The contents of those physical pages varied from kernel objects and arbitrary pool addresses that can be used to circumvent exploitation mitigations such as KASLR, and even registry key mappings of \Registry\Machine\SAM containing NTLM hashes of user authentication credentials that can be used in subsequent attack stages. For example, these can be used to steal credentials of a user with administrative privilege and/or be used in pass-the-hash style attacks to gain further access inside a network."

AMD advises that impacted users update to AMD PSP driver 5.17.0.0 via Windows Update or to AMD Chipset Driver 3.08.17.735 (or newer in the future).

AMD's chipset vulnerability disclosure comes on the heels of news that all of its processors suffer from a Meltdown-like vulnerability that will require specific software optimizations to patch. However, AMD leaves that to software vendors to implement, meaning many types of software could simply go unpatched.

AMD's processors have gained a reputation for being more secure than Intel's chips due to far fewer discovered vulnerabilities.
However, as the smaller player with less overall x86 market share, it has long been opined that AMD's processors simply haven't been subject to as much poking and prodding from researchers. Now that AMD has taken a more significant portion of the market and continues to grow, it is inevitable that researchers, and nefarious actors, will target the processors more frequently.

Here's the list of impacted processors, and a guide on how to update your system:

Affected AMD CPUs

* 2nd Gen AMD Ryzen Mobile Processor with Radeon Graphics
* 2nd Gen AMD Ryzen Threadripper processor
* 3rd Gen AMD Ryzen(tm) Threadripper(tm) Processors
* 6th Generation AMD A series CPU with Radeon(tm) Graphics
* 6th Generation AMD A-Series Mobile Processor
* 6th Generation AMD FX APU with Radeon(tm) R7 Graphics
* 7th Generation AMD A-Series APUs
* 7th Generation AMD A-Series Mobile Processor
* 7th Generation AMD E-Series Mobile Processor
* AMD A4-Series APU with Radeon Graphics
* AMD A6 APU with Radeon R5 Graphics
* AMD A8 APU with Radeon R6 Graphics
* AMD A10 APU with Radeon R6 Graphics
* AMD 3000 Series Mobile Processors with Radeon(tm) Graphics
* AMD Athlon 3000 Series Mobile Processors with Radeon(tm) Graphics
* AMD Athlon Mobile Processors with Radeon(tm) Graphics
* AMD Athlon X4 Processor
* AMD Athlon(tm) 3000 Series Mobile Processors with Radeon(tm) Graphics
* AMD Athlon(tm) X4 Processor
* AMD E1-Series APU with Radeon Graphics
* AMD Ryzen(tm) 1000 series Processor
* AMD Ryzen(tm) 2000 series Desktop Processor
* AMD Ryzen(tm) 2000 series Mobile Processor
* AMD Ryzen(tm) 3000 Series Desktop Processor
* AMD Ryzen(tm) 3000 series Mobile Processor with Radeon(tm) Graphics
* AMD Ryzen(tm) 3000 series Mobile Processor
* AMD Ryzen(tm) 4000 Series Desktop Processor with Radeon(tm) Graphics
* AMD Ryzen(tm) 5000 Series Desktop Processor
* AMD Ryzen(tm) 5000 Series Desktop Processor with Radeon(tm) Graphics
* AMD Ryzen(tm) 5000 Series Mobile Processors with Radeon(tm) Graphics
* AMD Ryzen(tm) Threadripper(tm) PRO Processor
* AMD Ryzen(tm) Threadripper(tm) Processor

How to Update Your AMD Chipset Drivers

If Windows Update doesn't grab the latest AMD PSP drivers for you or you're concerned that it hasn't, here's how to get the latest chipset drivers from AMD.

1. Navigate to AMD's Drivers and Support Page.
2. Select the chipset for your motherboard from the menu and click Submit. For Ryzen processors, you'll want to start by picking Chipsets->AMD Socket AM4 and then the chipset (ex: B550).
3. Click the Download button beneath "AMD Chipset Drivers." A zip file will download.
4. Open the zip file, extract the installer and run it. This should update you to the latest chipset version.
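To confirm that the update took effect, the installed PSP driver version can be compared against the fixed version cited above (5.17.0.0). The PowerShell check below is an added example, not code from the article, AMD or the researcher; the function name is hypothetical, and it assumes the PSP device is listed in Win32_PnPSignedDriver with "PSP" in its device name and an AMD provider string.

```powershell
# Added example (not from the article or AMD): flag AMD PSP drivers older than
# the fixed version the article cites. Intended for Windows PowerShell 5.1+.
$FixedVersion = [version]'5.17.0.0'   # fixed AMD PSP driver version per the article

function Get-AmdPspDriverStatus {     # hypothetical helper name
    param(
        # Injectable for testing; defaults to the live signed-driver inventory.
        [object[]]$Drivers = (Get-CimInstance -ClassName Win32_PnPSignedDriver)
    )

    # Assumption: the PSP device has "PSP" in its name and an AMD provider string.
    $psp = @($Drivers | Where-Object {
        $_.DeviceName -match 'PSP' -and
        $_.DriverProviderName -match 'AMD|Advanced Micro Devices'
    })

    if ($psp.Count -eq 0) {
        return [pscustomobject]@{
            Device = $null; Installed = $null
            Fixed = "$FixedVersion"; Status = 'NOT_FOUND'
        }
    }

    foreach ($d in $psp) {
        # Compare as [version], not as strings: '5.9.0.0' sorts after
        # '5.17.0.0' as text but is the older driver.
        $installed = $null
        if (-not [version]::TryParse([string]$d.DriverVersion, [ref]$installed)) {
            $status = 'UNKNOWN'
        } elseif ($installed -ge $FixedVersion) {
            $status = 'PATCHED'
        } else {
            $status = 'OUTDATED'
        }
        [pscustomobject]@{
            Device = $d.DeviceName; Installed = $d.DriverVersion
            Fixed = "$FixedVersion"; Status = $status
        }
    }
}

# Constructed sample rows (not real inventory) showing both version outcomes.
$sample = @(
    [pscustomobject]@{ DeviceName = 'AMD PSP Device'; DriverProviderName = 'Advanced Micro Devices'; DriverVersion = '5.9.0.0' }
    [pscustomobject]@{ DeviceName = 'AMD PSP Device'; DriverProviderName = 'Advanced Micro Devices'; DriverVersion = '5.17.0.0' }
)
Get-AmdPspDriverStatus -Drivers $sample | Format-Table   # OUTDATED, then PATCHED
Get-AmdPspDriverStatus | Format-Table                    # live check on this machine
```

A NOT_FOUND result only means no device matched the assumed name filter; it does not show that the machine has no PSP driver.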