CVE-2021-26333 – AMD Chipset Driver Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2021-26333

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages. Se presenta una vulnerabilidad de divulgación de información en AMD Platform Security Processor (PSP) chipset driver. La lista de control de acceso discrecional (DACL) puede permitir a usuarios con pocos privilegios abrir una manija y enviar peticiones al controlador, resultando en un potencial filtrado de datos de páginas físicas no inicializadas • http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html http://seclists.org/fulldisclosure/2021/Sep/24 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-909: Missing Initialization of Resource •