Researchers from ZeroPeril have discovered a driver vulnerability in several (nearly all) AMD chipsets. The bug allows attackers to extract information from memory via the Platform Security Processor (PSP) in AMD CPUs. At the time of testing, it appears to affect only the Windows driver (surprise surprise). This may result in sensitive data such as passwords being leaked to attackers. AMD’s Platform Security Process (PSP) is the chipmaker’s own take on Intel’s SGX technology and basically consists of a separate processor for the purpose.
Luckily, the problem isn’t hardware-specific but limited to the driver itself and can be solved with a driver update. The researchers were able to leak multiple GBs of data using the chipset driver exploit. As such, a driver update is highly recommended for the same. According to AMD, pretty much every Ryzen processor lineup, including Zen 1, Zen+, Zen 2, Zen 3, plus the Threadrippers are affected.
AND has already released a chipset driver PSP update (v126.96.36.199) for Windows and recommends users acquire it either Windows Update or manually download it from the AMD website. The list of vulnerable chipsets and CPUs is as follows:
- AMD FX 6000 CPUs with R7 graphics (presumably AMD A 6000 APUs)
- AMD A10 APUs with R6 Graphics
- AMD A8 APUs with R6 Graphics
- AMD A6 APUs with R5 Graphics
- AMD A4 APUs with Radeon Graphics
- AMD Athlon X4
- AMD E1 APUs with Radeon Graphics
- AMD Ryzen 1000 Series
- AMD Ryzen 2000 Series
- AMD Ryzen 3000 Series
- AMD Ryzen 5000 Series
- AMD Ryzen Threadripper (presumably all models)