Vulnerability Description
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Chipset Driver | < 3.08.17.735 |
| Amd | Psp Driver | < 5.17.0.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-DisclThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2021/Sep/24Mailing ListThird Party Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009Vendor Advisory
- http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-DisclThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2021/Sep/24Mailing ListThird Party Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009Vendor Advisory
FAQ
What is CVE-2021-26333?
CVE-2021-26333 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and...
How severe is CVE-2021-26333?
CVE-2021-26333 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-26333?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Chipset Driver, Amd Psp Driver.