This is <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26333" rel="nofollow">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2633...</a> originally discovered in April 2021.<p>The issue was the leaking of previously stored data in system memory, due to reusing the system memory without re-initializing it.<p><pre><code> > If the userspace application requests to initialise 1 byte,
> the driver will round that up to a full 4096 bytes, and allocate that much memory.
>
> However, it will only initialise the first byte, leaving the rest in its prior state.
> The user can then access the remaining 4095 bytes which have been untouched,
> thus gaining access to the contents of uninitialised memory.
</code></pre>
Apparently patched in the currently available latest drivers starting from<p>- AMD PSP driver 5.17.0.0<p>- AMD Chipset Driver 3.08.17.735<p><a href="https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009" rel="nofollow">https://www.amd.com/en/corporate/product-security/bulletin/a...</a>
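As an added illustration of the pattern quoted above (this is example code, not from the thread and not AMD's driver), the C below simulates an allocator that rounds a request up to a whole page but clears only the requested bytes, puts the hardened version that clears the entire rounded allocation beside it, and counts how many bytes past the requested length still hold residue from the page's previous tenant. The 4096-byte page size, the residue byte, and every function name here are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed page size; the quoted text describes rounding 1 byte up to 4096. */
#define PAGE_SIZE 4096

/* Round a request up to a whole number of pages. */
static size_t round_up_to_page(size_t n) {
    return (n + PAGE_SIZE - 1) & ~(size_t)(PAGE_SIZE - 1);
}

/* Stand-in for recycled system memory: constructed residue ('S') left
 * behind by a previous user of the same pages. */
static unsigned char *get_recycled_pages(size_t nbytes) {
    unsigned char *p = malloc(nbytes);
    if (p) memset(p, 'S', nbytes);
    return p;
}

/* Flawed pattern: the allocation is rounded up to whole pages, but only
 * the caller's requested length is initialised. Everything past that
 * still carries the prior contents. */
unsigned char *alloc_flawed(size_t requested) {
    size_t total = round_up_to_page(requested);
    unsigned char *p = get_recycled_pages(total);
    if (p) memset(p, 0, requested);
    return p;
}

/* Hardened pattern: initialise the whole rounded allocation, so no
 * byte the caller can reach retains old data. */
unsigned char *alloc_hardened(size_t requested) {
    size_t total = round_up_to_page(requested);
    unsigned char *p = get_recycled_pages(total);
    if (p) memset(p, 0, total);
    return p;
}

/* Defender-side check: count non-zero bytes between the requested length
 * and the end of the rounded allocation. Zero means nothing leaked. */
size_t count_leaked_bytes(const unsigned char *buf, size_t requested) {
    size_t total = round_up_to_page(requested);
    size_t leaked = 0;
    for (size_t i = requested; i < total; i++)
        if (buf[i] != 0) leaked++;
    return leaked;
}

/* Convenience wrapper: allocate with one of the two strategies, measure
 * the residue, release the buffer, and return the count. */
size_t leaked_after(int hardened, size_t requested) {
    unsigned char *p = hardened ? alloc_hardened(requested)
                                : alloc_flawed(requested);
    if (!p) return (size_t)-1;
    size_t leaked = count_leaked_bytes(p, requested);
    free(p);
    return leaked;
}

int main(void) {
    /* Request 1 byte: the flawed path leaves 4095 bytes of residue reachable. */
    printf("flawed,   1 byte requested: %zu leaked bytes\n", leaked_after(0, 1));
    printf("hardened, 1 byte requested: %zu leaked bytes\n", leaked_after(1, 1));
    /* A request just over one page rounds to two pages: 4095 bytes exposed again. */
    printf("flawed,   4097 bytes requested: %zu leaked bytes\n", leaked_after(0, 4097));
    return 0;
}
```

The check in count_leaked_bytes is the property a reviewer or fuzz harness would assert on any allocation path that rounds sizes up: the region the caller can read must be fully initialised, not just the prefix they asked for.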
For those who like myself don't know what PSP might be, from the article:<p>> In short, it’s a coprocessor that has access to just about every part of the computers to which it’s inside. This makes it a prime target for attacks. Introduced around 2013, it’s also entirely closed source, existing as an unknown black box within modern AMD CPUs, which makes the security-conscious highly wary. Operating at a low-level, entirely outside the purview of the main CPU and operating system, the PSP, like the IME, is often considered a potential backdoor into a machine.
God I HATE this beneath-the-bottom-of-the-barrel quality enterprise value add shite. And the enterprises that keep paying for them without any idea of just how bad the quality is...<p>That said...<p>Don't you have to turn the PSP on (like IME) for it to be vulnerable to exploitation?<p>> The first part of the problem is when a user makes a call to the AMD driver to allocate some uninitialised memory using the AMD PSP<p>> The second problem involves calls to the driver to free up contiguous memory space that has previously been allocated.<p>Surely (LOL) unprivileged code isn't allowed to make these calls?