CVE-2021-26333

low-risk
Published 2021-09-21

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Chipset Driver
Psp Driver

Affected Vendors

Amd

References (6)

Third Party Advisory http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Discl...
Mailing List http://seclists.org/fulldisclosure/2021/Sep/24
Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009
Third Party Advisory http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Discl...
Mailing List http://seclists.org/fulldisclosure/2021/Sep/24
Vendor Advisory https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low