CVE-2021-26333: AMD Chipset Driver Information Disclosure Vulnerability

CVE: CVE-2021-26333
Reported by: Kyriakos Economou (@kyREcon)
Vendor: AMD
Products: AMD PSP driver < v5.17.0.0

Advisory
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.

References
MITRE
Technical Details (PDF)

 

All Rights R3v3rs3d