Back to Security Bulletins

AMD Chipset Driver Information Disclosure Vulnerability

Bulletin ID: AMD-SB-1009
Potential Impact: Information Disclosure
Severity: Medium

Summary

Low privileged malicious users may be able to access and leak data through the AMD Chipset Driver. 

CVE Details

CVE-2021-26333

Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.

Affected Products

  • 2nd Gen AMD Ryzen Mobile Processor with Radeon Graphics 
  • 2nd Gen AMD Ryzen Threadripper processor
  • 3rd Gen AMD Ryzen™ Threadripper™ Processors
  • 6th Generation AMD A series CPU with Radeon™ Graphics
  • 6th Generation AMD A-Series Mobile Processor  
  • 6th Generation AMD FX APU with Radeon™ R7 Graphics 
  • 7th Generation AMD A-Series APUs
  • 7th Generation AMD A-Series Mobile Processor  
  • 7th Generation AMD E-Series Mobile Processor
  • AMD A4-Series APU with Radeon Graphics 
  • AMD A6 APU with Radeon R5 Graphics
  • AMD A8 APU with Radeon R6 Graphics
  • AMD A10 APU with Radeon R6 Graphics
  • AMD 3000 Series Mobile Processors with Radeon™ Graphics 
  • AMD Athlon 3000 Series Mobile Processors with Radeon™ Graphics  
  • AMD Athlon Mobile Processors with Radeon™ Graphics 
  • AMD Athlon X4 Processor
  • AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics 
  • AMD Athlon™ X4 Processor
  • AMD E1-Series APU with Radeon Graphics
  • AMD Ryzen™ 1000 series Processor
  • AMD Ryzen™ 2000 series Desktop Processor
  • AMD Ryzen™ 2000 series Mobile Processor  
  • AMD Ryzen™ 3000 Series Desktop Processor
  • AMD Ryzen™ 3000 series Mobile Processor with  Radeon™ Graphics  
  • AMD Ryzen™ 3000 series Mobile Processor 
  • AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics
  • AMD Ryzen™ 5000 Series Desktop Processor
  • AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics 
  • AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
  • AMD Ryzen™ Threadripper™ PRO Processor
  • AMD Ryzen™ Threadripper™ Processor

Mitigation

AMD recommends updating to AMD PSP driver 5.17.0.0 through Windows Update or by updating to AMD Chipset Driver 3.08.17.735.

Acknowledgement

AMD thanks Kyriakos Economou from ZeroPeril Ltd for reporting this issue and engaging in coordinated vulnerability disclosure.

 

Revisions

None

DISCLAIMER

The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.

AMD, the AMD Arrow logo, and combinations thereof are trademarks of Advanced Micro Devices, Inc. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

© 2021 Advanced Micro Devices, Inc. All rights reserved.