AMD has disclosed details of a chipset vulnerability that can allow unprivileged users to read and dump certain types of memory pages in Windows. This technique allows an attacker to steal passwords or activate other types of attacks, including bypassing standard mitigations of KASLR exploitation (aka Specter and Meltdown) (via The record).
Word of the bug came in a coordinated disclosure with Kyriakos Economou, a security researcher and co-founder of ZeroPeril, who exploited the vulnerability to download several gigabytes of sensitive data from affected AMD processors, but in as a non-administrator user. AMD has prepared mitigations which can be downloaded as part of its latest chipset drivers or by using Windows Update to update the AMD PSP driver (update details are below).
AMD initially released the patch several weeks ago, but did not reveal the vulnerabilities that were fixed. This new disclosure answers these questions.
The security researcher first discovered the flaw with the Ryzen 2000 and 3000 chips, but AMD initially only listed the Ryzen 1000 and older chips in its review. The researcher noted the discrepancy in their report, and we followed up with AMD on the issue. AMD has since updated the page with a full list of affected processors that covers its entire line of modern consumer processors as well as many older models (list below).
Economou attacked two separate issues with AMD’s amdsps.sys driver for its Platform Security Processor (PSP), an embedded chip that manages the security of the chip. The vulnerability allowed the researcher to extract several gigabytes of uninitialized physical memory pages. The full report delves into the details of the vulnerability (PDF Alert), but this passage sums up the end result:
“During our testing, we were able to disclose several gigabytes of uninitialized physical pages by continuously allocating and releasing blocks of 100 allocations until the system is unable to return a physical page buffer. contiguous.
The content of these physical pages ranged from kernel objects and arbitrary pool addresses that can be used to bypass exploitation mitigations such as KASLR, and even registry key mappings of Registry Machine SAM containing NTLM hashes of user credentials that can be used in later attack phases.
For example, these can be used to steal the credentials of a user with administrative privileges and / or be used in pass-the-hash style attacks to gain additional access inside. a network. “
AMD informs that affected users are updating AMD PSP Driver 22.214.171.124 through Windows Update or AMD Chipset Driver 3.08.17.735 (or newer version in the future).
AMD’s chipset vulnerability disclosure follows news that all of its processors suffer from a Meltdown-type vulnerability that will require specific software optimizations to be addressed. However, AMD leaves that to the software vendors, which means that many types of software just might not be patched.
AMD’s processors have gained a reputation for being more secure than Intel’s chips because of much less discovered vulnerabilities. However, as a smaller player with less of the overall x86 market share, it has long been believed that AMD’s processors simply haven’t received as much strain and push from researchers. Now that AMD has taken a bigger share of the market and continues to grow, it’s inevitable that researchers and bad actors will target processors more frequently.
Here’s a guide on how to update your system and a full list of affected processors, which includes all Ryzen and Threadrippers processors, plus dozens of other models.
How to know if you have the latest drivers
If you are wondering if you have already put the mitigation measures in place to protect your PC, you should check if your AMD PSP driver is version 126.96.36.199 or higher. To do this:
1. Open device manager. You can access it either by pressing Windows key + X and selecting it from the context menu.
2. Open security devices.
3. Right click on the AMD PSP device and select properties.
4. Click on the Driver tab.
5. Look at the driver version number. If it is lower than 188.8.131.52, you need an update.
How to Update Your AMD Chipset Drivers
If you have any of the above processors, are using Windows, and your AMD PSP driver is lower than 184.108.40.206, follow these instructions.
1. Move towards AMD Drivers and Support Page.
2. Select the chipset for your motherboard from the menu and click Submit. For Ryzen processors, you’ll want to start by choosing Chipsets-> AMD Socket AM4, then the chipset (ex: B550).
3. Click on the Download button under “AMD Chipset Drivers”. A zip file will be downloaded.
4. Open zip file, extract the installer and execute. Be patient, as the software may take a few minutes to detect what you have and appear to be frozen. Do not click outside the window or, in our experience, it could freeze.
5. Make sure the AMD PSP driver is checked and click Install.
Again, you will have to be patient as the system will take several minutes to download and install updates.
6. Click on Restart when the process is complete.
Your computer will restart and you should have the updated AMD PSP driver now.
Affected AMD processors
- 2nd Generation AMD Ryzen mobile processor with Radeon graphics
- 2nd Generation AMD Ryzen Threadripper processor
- 3rd Generation AMD Ryzen ™ Threadripper ™ Processors
- 6th Generation AMD A-Series processor with Radeon ™ graphics
- 6th Generation AMD A-Series mobile processor
- 6th Generation AMD FX APU with Radeon ™ R7 Graphics
- 7th Generation AMD A-Series APUs
- 7th Generation AMD A-Series mobile processor
- 7th Generation AMD E-Series mobile processor
- AMD A4 series APU with Radeon graphics card
- AMD A6 APU with Radeon R5 graphics card
- AMD A8 APU with Radeon R6 graphics card
- AMD A10 APU with Radeon R6 graphics card
- AMD 3000 Series Mobile Processors with Radeon ™ Graphics
- AMD Athlon 3000 Series mobile processors with Radeon ™ graphics
- AMD Athlon mobile processors with Radeon ™ graphics
- AMD Athlon X4 processor
- AMD Athlon ™ 3000 Series Mobile Processors with Radeon ™ Graphics
- AMD Athlon ™ X4 processor
- AMD E1 Series APU with Radeon Graphics
- AMD Ryzen ™ 1000 series processor
- AMD Ryzen ™ 2000 Series Desktop Processor
- AMD Ryzen ™ 2000 Series Mobile Processor
- AMD Ryzen ™ 3000 Series Desktop Processor
- AMD Ryzen ™ 3000 Series Mobile Processor with Radeon ™ Graphics
- AMD Ryzen ™ 3000 Series mobile processor
- AMD Ryzen ™ 4000 Series Desktop Processor with Radeon ™ Graphics
- AMD Ryzen ™ 5000 Series Desktop Processor
- AMD Ryzen ™ 5000 Series Desktop Processor with Radeon ™ Graphics
- AMD Ryzen ™ 5000 Series Mobile Processors with Radeon ™ Graphics
- AMD Ryzen ™ Threadripper ™ PRO processor
- AMD Ryzen ™ Threadripper ™ processor