AMD has released information about a driver vulnerability affecting its CPUs that allows any user not only to gain access to information but also to download that information through certain Windows memory pages. An attacker can gain access to passwords and launch other attacks, such as interrupting KASLR exploit mitigations, also known as Spectre and Meltdown.
AMD Addresses Vulnerability That Could Leak Your Passwords Through Patch Update
This information came to light after a security researcher and co-founder of ZeroPeril, Kyriakos Economou, discovered the exploit and contacted AMD. Through their work, AMD was able to issue mitigations that are currently part of the newest CPU drivers. You can also utilize Windows Update to receive the latest AMD PSP driver.
The affected AMD chipsets are:
- 2nd Gen AMD Ryzen Mobile Processor with Radeon Graphics
- 2nd Gen AMD Ryzen Threadripper processor
- 3rd Gen AMD Ryzen Threadripper Processors
- 6th Generation A-series CPU with Radeon Graphics
- 6th Generation A-Series Mobile Processor
- 6th Generation FX APU with Radeon R7 Graphics
- 7th Generation A-Series APUs
- 7th Generation A-Series Mobile Processor
- 7th Generation E-Series Mobile Processor
- A4-Series APU with Radeon Graphics
- A6 APU with Radeon R5 Graphics
- A8 APU with Radeon R6 Graphics
- A10 APU with Radeon R6 Graphics
- 3000 Series Mobile Processors with Radeon Graphics
- Athlon 3000 Series Mobile Processors with Radeon Graphics
- Athlon Mobile Processors with Radeon Graphics
- Athlon X4 Processor
- E1-Series APU with Radeon Graphics
- Ryzen 1000 series Processor
- Ryzen 2000 series Desktop Processor
- Ryzen 2000 series Mobile Processor
- Ryzen 3000 Series Desktop Processor
- Ryzen 3000 series Mobile Processor with Radeon Graphics
- Ryzen 3000 series Mobile Processor
- Ryzen 4000 Series Desktop Processor with Radeon Graphics
- Ryzen 5000 Series Desktop Processor
- Ryzen 5000 Series Desktop Processor with Radeon Graphics
- AMD Ryzen 5000 Series Mobile Processors with Radeon Graphics
- Ryzen Threadripper PRO Processor
- Ryzen Threadripper Processor
AMD's current driver update has been available for several weeks, but this is the first time AMD has explained the details of the update.
Economou explains the process in a recently released disclosure report, which describes the vulnerability at length.
During our tests we managed to leak several gigabytes of uninitialized physical pages by allocating and freeing blocks of 100 allocations continuously until the system was not able to return a contiguous physical page buffer.
The contents of those physical pages varied from kernel objects and arbitrary pool addresses that can be used to circumvent exploitation mitigations such as KASLR, and even registry key mappings of \Registry\Machine\SAM containing NTLM hashes of user authentication credentials that can be used in subsequent attack stages.
For example, these can be used to steal credentials of a user with administrative privilege and/or be used in pass-the-hash style attacks to gain further access inside a network.
Economou initially discovered the exploit utilizing the AMD Ryzen 2000 and 3000 series. AMD originally listed only Ryzen 1000 series and older generations of CPUs in its internal advisories. Website Tom's Hardware contacted AMD after reading the document from Economou to find the above listing of affected chipsets.
The report shows that Economou targeted two separate sections of the AMD amdsps.sys driver, which is utilized by the Platform Security Processor (PSP), "an embedded chip that manages chip security." This attack allowed Economou to download several gigabytes of "uninitialized physical memory pages."
It is speculated that, because AMD has gained market share over the last year, both its chipsets and graphics cards may see more attacks, and we may see more immediate fixes in the future. We have recently seen AMD GPUs under attack through an exploit found via the memory sections of their GPUs.
AMD is instructing users to download the AMD PSP driver through Windows Update (AMD PSP driver 5.17.0.0) or the AMD CPU driver from their support page (AMD Chipset Driver 3.08.17.735).
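To confirm that a machine actually carries the fixed PSP driver, the check below compares the installed version against 5.17.0.0. It is an added example, not code from AMD, ZeroPeril or the original article. Assumptions: the device name contains "PSP", and amdsps.sys sits in the standard Windows drivers directory.

```powershell
# Added example: audit the installed AMD PSP driver against the fixed
# version named in the article (AMD PSP driver 5.17.0.0).
$FixedVersion = [version]'5.17.0.0'

function Get-AmdPspDriverStatus {
    [CmdletBinding()]
    param([version]$MinimumVersion = $FixedVersion)

    # Assumption: the PSP device is identifiable by "PSP" in its name and an AMD vendor string.
    $drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object {
            $_.DeviceName -like '*PSP*' -and
            ("$($_.Manufacturer) $($_.DriverProviderName)" -match 'AMD|Advanced Micro Devices')
        }

    # Assumption: the driver binary lives in the standard drivers directory.
    $sysPath = Join-Path $env:SystemRoot 'System32\drivers\amdsps.sys'
    $sysFile = Get-Item -Path $sysPath -ErrorAction SilentlyContinue
    $fileVersion = if ($sysFile) { $sysFile.VersionInfo.FileVersion } else { $null }

    if (-not $drivers) {
        # No PSP device: not an AMD platform, or the driver is not installed.
        return [pscustomobject]@{
            Device = $null; Installed = $null; Required = $MinimumVersion
            SysFileVersion = $fileVersion; Status = 'NotFound'
        }
    }

    foreach ($d in $drivers) {
        # DriverVersion is a string; a malformed value must not abort the audit.
        $installed = $null
        $parsed = [version]::TryParse($d.DriverVersion, [ref]$installed)
        $status = if (-not $parsed) {
            'Unknown'
        } elseif ($installed -ge $MinimumVersion) {
            'AtOrAboveFixedVersion'
        } else {
            'BelowFixedVersion'
        }
        [pscustomobject]@{
            Device = $d.DeviceName; Installed = $d.DriverVersion; Required = $MinimumVersion
            SysFileVersion = $fileVersion; Status = $status
        }
    }
}

Get-AmdPspDriverStatus | Format-Table -AutoSize
```

A `BelowFixedVersion` result means the machine still needs the update from Windows Update or the AMD chipset driver package.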
The post AMD CPU Vulnerability Found, Divulges Passwords As Non-Administrative User by Jason R. Wilson appeared first on Wccftech.
source https://wccftech.com/amd-cpu-vulnerability-found-divulges-passwords-as-non-administrative-user/