CVE-2021-26333

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AMDCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
amdchipset_driver
𝑥
< 3.08.17.735
amdpsp_driver
𝑥
< 5.17.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html
http://seclists.org/fulldisclosure/2021/Sep/24
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009
http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html
http://seclists.org/fulldisclosure/2021/Sep/24
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009