AMD Platform Security Processor (PSP) Chipset Driver Information Disclosure (AMD-SB-1009)

medium Nessus Plugin ID 153836

Synopsis

The remote host has a chipset driver that is affected by an information disclosure vulnerability.

Description

The version of the AMD Platform Security Processor (PSP) chipset driver found on the remote host is prior to 5.17.0.0.
It is, therefore, affected by an information disclosure vulnerability. The driver's discretionary access control list (DACL) may allow low-privileged users to open a handle and send requests to the driver, resulting in a potential data leak from uninitialized physical pages.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update to AMD PSP driver 5.17.0.0 through Windows Update or by updating to AMD Chipset Driver 3.08.17.735.

See Also

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009

Plugin Details

Severity: Medium

ID: 153836

File Name: amd_chipset_amd-sb-1009.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 10/1/2021

Updated: 10/8/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2021-26333

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/a:amd:platform_security_processor_chipset_driver

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 9/21/2021

Vulnerability Publication Date: 9/21/2021

Reference Information

CVE: CVE-2021-26333

IAVA: 2021-A-0443