Search criteria
3 vulnerabilities found for psp_driver by amd
FKIE_CVE-2021-26333
Vulnerability from fkie_nvd - Published: 2021-09-21 11:15 - Updated: 2024-11-21 05:56
Severity ?
Summary
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@amd.com | http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html | Third Party Advisory, VDB Entry | |
| psirt@amd.com | http://seclists.org/fulldisclosure/2021/Sep/24 | Mailing List, Third Party Advisory | |
| psirt@amd.com | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Sep/24 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amd | chipset_driver | * | |
| amd | psp_driver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amd:chipset_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E838E1F2-F531-4731-85E8-9FF187B0DA14",
"versionEndExcluding": "3.08.17.735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:amd:psp_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC847FF-5C06-42F2-BBCC-716D6824B066",
"versionEndExcluding": "5.17.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en AMD Platform Security Processor (PSP) chipset driver. La lista de control de acceso discrecional (DACL) puede permitir a usuarios con pocos privilegios abrir una manija y enviar peticiones al controlador, resultando en un potencial filtrado de datos de p\u00e1ginas f\u00edsicas no inicializadas"
}
],
"id": "CVE-2021-26333",
"lastModified": "2024-11-21T05:56:07.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-21T11:15:07.203",
"references": [
{
"source": "psirt@amd.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html"
},
{
"source": "psirt@amd.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/24"
},
{
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009"
}
],
"sourceIdentifier": "psirt@amd.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@amd.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-909"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-26333 (GCVE-0-2021-26333)
Vulnerability from cvelistv5 – Published: 2021-09-21 10:49 – Updated: 2024-09-16 22:08
VLAI?
Title
AMD Chipset Driver Information Disclosure Vulnerability
Summary
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | PSP Driver |
Affected:
PSP Driver , < 5.17.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:23.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210917 AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PSP Driver",
"vendor": "AMD",
"versions": [
{
"lessThan": "5.17.0.0",
"status": "affected",
"version": "PSP Driver",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T10:50:49",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"name": "20210917 AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009"
}
],
"source": {
"advisory": "AMD-SB-1009",
"discovery": "EXTERNAL"
},
"title": "AMD Chipset Driver Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-09-14T19:30:00.000Z",
"ID": "CVE-2021-26333",
"STATE": "PUBLIC",
"TITLE": "AMD Chipset Driver Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PSP Driver",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "PSP Driver",
"version_value": "5.17.0.0"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210917 AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/24"
},
{
"name": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009"
}
]
},
"source": {
"advisory": "AMD-SB-1009",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26333",
"datePublished": "2021-09-21T10:49:49.457304Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T22:08:38.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26333 (GCVE-0-2021-26333)
Vulnerability from nvd – Published: 2021-09-21 10:49 – Updated: 2024-09-16 22:08
VLAI?
Title
AMD Chipset Driver Information Disclosure Vulnerability
Summary
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | PSP Driver |
Affected:
PSP Driver , < 5.17.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:23.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210917 AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PSP Driver",
"vendor": "AMD",
"versions": [
{
"lessThan": "5.17.0.0",
"status": "affected",
"version": "PSP Driver",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T10:50:49",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"name": "20210917 AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009"
}
],
"source": {
"advisory": "AMD-SB-1009",
"discovery": "EXTERNAL"
},
"title": "AMD Chipset Driver Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2021-09-14T19:30:00.000Z",
"ID": "CVE-2021-26333",
"STATE": "PUBLIC",
"TITLE": "AMD Chipset Driver Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PSP Driver",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "PSP Driver",
"version_value": "5.17.0.0"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210917 AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/24"
},
{
"name": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009"
}
]
},
"source": {
"advisory": "AMD-SB-1009",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26333",
"datePublished": "2021-09-21T10:49:49.457304Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T22:08:38.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}