AMD processor vulnerability found, discloses passwords as non-administrative user

AMD has released information about a driver vulnerability that affects their processors, allowing any user to not only access the information, but also download the information through certain Windows memory pages. The attacker is able to access passwords, as well as launch various attacks, such as KASLR exploit mitigation termination, also known as Specter and Meltdown.

AMD Fixes Vulnerability That Could Leak Your Passwords Through Patch Update

This information came to light after a security researcher and co-founder of ZeroPeril, Kyriakos Economou, discovered the exploit and contacted AMD. Thanks to their work, AMD was able to issue mitigations that are currently part of the most recent processor drivers. You can also use Windows Update to receive the latest AMD PSP driver.

EVGA X570 DARK pictured in detail, one of the most powerful AMD Ryzen AM4 overclock motherboards yet

Affected AMD chipsets are

  • 2nd Generation AMD Ryzen mobile processor with Radeon graphics
  • 2nd Generation AMD Ryzen Threadripper processor
  • 3rd Generation AMD Ryzen Threadripper Processors
  • 6th Generation A-series processor with Radeon graphics card
  • 6th Generation A-Series mobile processor
  • 6th Generation FX APU with Radeon ™ R7 Graphics
  • 7th Generation A-Series APUs
  • 7th Generation A-Series mobile processor
  • 7th Generation E-Series mobile processor
  • A4 series APU with Radeon graphics card
  • A6 APU with Radeon R5 graphics card
  • A8 APU with Radeon R6 graphics card
  • A10 APU with Radeon R6 graphics card
  • 3000 series mobile processors with Radeon graphics card
  • Athlon 3000 series mobile processors with Radeon graphics card
  • Athlon mobile processors with Radeon graphics card
  • Athlon X4 processor
  • Athlon 3000 series mobile processors with Radeon graphics card
  • Athlon X4 processor
  • E1 series APU with Radeon graphics card
  • Ryzen 1000 series processor
  • Ryzen 2000 Series Desktop Processor
  • Ryzen 2000 Series Mobile Processor
  • Ryzen 3000 Series Desktop Processor
  • Ryzen 3000 Series Mobile Processor with Radeon Graphics
  • Ryzen 3000 Series Mobile Processor
  • Ryzen 4000 Series Desktop Processor with Radeon Graphics
  • Ryzen 5000 Series Desktop Processor
  • Ryzen 5000 series desktop processor with Radeon graphics card
  • AMD Ryzen 5000 series mobile processors with Radeon graphics
  • Ryzen Threadripper PRO processor
  • Ryzen Threadripper processor

AMD’s current driver update has been active for several weeks, but this is the first time AMD has explained the details of current driver updates.

Economou explains the process in a recently released leaked report. In the document it shows the vulnerability in length.

During our testing, we were able to disclose several gigabytes of uninitialized physical pages by continuously allocating and releasing blocks of 100 allocations until the system was unable to return a contiguous physical page buffer. .

The content of these physical pages ranged from kernel objects and arbitrary pool addresses that could be used to bypass exploitation mitigations such as KASLR, and even registry key mappings from Registry Machine SAM containing NTLM hashes of user credentials that can be used in later attack phases.

For example, these can be used to steal the credentials of a user with administrative privileges and / or be used in pass-the-hash style attacks to gain additional access inside. a network.

Economou initially discovered the feat using the AMD Ryzen 2000 and 3000 series. AMD initially only listed the Ryzen 1000 series and older generations of processors in its internal reviews. Website Tom’s Hardware contacted AMD after reading Economou’s document to find the above list of affected chipsets.

Does AMD Instinct MI300 accelerator have Exascale APU mode?

The report shows Economou targeted two separate sections of the AMD amdsps.sys driver, which is used by the Platform Security Chip (PSP), “an embedded chip that manages chip security.” This attack allowed Economou to download several gigabytes of “uninitialized physical memory pages”.

It’s speculated that due to AMD’s increased market share since last year, their chipsets and graphics cards may come under more attack, and we may see more immediate fixes in the future. We recently saw AMD GPUs attacked by an exploit found through the memory sections of their GPUs.

AMD requires users to download AMD PSP driver through Windows Update (AMD PSP driver 5.17.0.0) or AMD processor driver from their support page (AMD chipset driver 3.08.17.735).


Source link

Comments are closed.