CVE-2021-26333

Published on: 09/21/2021 12:00:00 AM UTC

Last Modified on: 10/07/2021 04:12:00 PM UTC

CVE-2021-26333 - advisory for AMD-SB-1009

Source: Mitre Source: Nist Print: PDF PDF
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Certain versions of Chipset Driver from Amd contain the following vulnerability:

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.

  • CVE-2021-26333 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: URL Logo AMD - PSP Driver version < 5.17.0.0

CVSS3 Score: 5.5 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH NONE NONE

CVSS2 Score: 4.9 - MEDIUM

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE NONE NONE

CVE References

Description Tags Link
AMD Chipset Driver Information Disclosure / Memory Leak ≈ Packet Storm packetstormsecurity.com
text/html
URL Logo MISC packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html
AMD Chipset Driver Information Disclosure Vulnerability | AMD web.archive.org
text/html
Inactive LinkNot Archived
URL Logo MISC www.amd.com/en/corporate/product-security/bulletin/amd-sb-1009
Full Disclosure: AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333] seclists.org
text/html
URL Logo FULLDISC 20210917 AMD Chipset Driver Information Disclosure Vulnerability [CVE-2021-26333]

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationAmdChipset DriverAllAllAllAll
ApplicationAmdPsp DriverAllAllAllAll
  • cpe:2.3:a:amd:chipset_driver:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:amd:psp_driver:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @ZeroPeril Time to upgrade your AMD chipset drivers! ? zeroperil.co.uk/cve-2021-26333/ 2021-09-15 10:18:32
Twitter Icon @Webimprints #infosec #informationsecurity CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información c… twitter.com/i/web/status/1… 2021-09-17 21:52:37
Twitter Icon @securityaffairs CVE-2021-26333 #AMD Chipset Driver flaw allows obtaining sensitive data securityaffairs.co/wordpress/1223… #securityaffairs #hacking 2021-09-17 22:19:29
Twitter Icon @AcooEdi CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data dlvr.it/S7nKwy 2021-09-17 22:22:32
Twitter Icon @thedpsadvisors CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data securityaffairs.co/wordpress/1223… 2021-09-17 22:22:32
Twitter Icon @shah_sheikh CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data: Chipmaker AMD has addressed a vulnerability… twitter.com/i/web/status/1… 2021-09-17 22:22:32
Twitter Icon @Alevskey CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data: ift.tt/3zkhtrH by Security Affairs… twitter.com/i/web/status/1… 2021-09-17 22:25:24
Twitter Icon @daveDFIR ift.tt/3zkhtrH .. CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data #news #tech #nsa… twitter.com/i/web/status/1… 2021-09-17 22:28:27
Twitter Icon @security_inside CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data securityaffairs.co/wordpress/1223… 2021-09-17 22:34:28
Twitter Icon @IT_securitynews CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data itsecuritynews.info/cve-2021-26333… 2021-09-17 22:37:33
Twitter Icon @profxeni r/t "CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data" bit.ly/3EnHZnP 2021-09-17 22:47:39
Twitter Icon @arrgibbs CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data #Cybersecurity #datasecurity #AMD go.newsfusion.com/security/item/… 2021-09-17 23:39:23
Twitter Icon @CyberIQs_ CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data cyberiqs.com/cve-2021-26333… #infosec… twitter.com/i/web/status/1… 2021-09-17 23:57:28
Twitter Icon @SecUnicorn CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data ift.tt/3AkEFHG #Infosec 2021-09-18 00:08:28
Twitter Icon @test2v CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data - Security Affairs securityaffairs.co/wordpress/1223… 2021-09-18 00:21:27
Twitter Icon @iSecurity CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data dlvr.it/S7nbFs #InfoSecNews 2021-09-18 00:51:01
Twitter Icon @LudovicoLoreti CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data securityaffairs.co/wordpress/1223… #Security #AMD… twitter.com/i/web/status/1… 2021-09-18 05:01:15
Twitter Icon @iamTdivyesh AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain… twitter.com/i/web/status/1… 2021-09-18 06:14:01
Twitter Icon @Dinosn CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data securityaffairs.co/wordpress/1223… 2021-09-18 06:19:04
Twitter Icon @BigData_Fr CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data - bit.ly/3AlBKy9 - thanks… twitter.com/i/web/status/1… 2021-09-18 07:08:33
Twitter Icon @CKsTechNews #AMD #Chipset Vulnerability Leaks Passwords, Patch Available CVE: zeroperil.co.uk/cve-2021-26333/ AMD response:… twitter.com/i/web/status/1… 2021-09-18 07:12:15
Twitter Icon @DataScientistsF CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data - bit.ly/3AlBKy9 - thanks… twitter.com/i/web/status/1… 2021-09-18 07:29:31
Twitter Icon @omvapt CVE-2021-26333 #AMD #Chipset Driver #Vulnerability flaw allows obtaining #sensitive_data vapt.me/AMDChipset 2021-09-18 07:30:08
Twitter Icon @mrsyedalihasan CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data dlvr.it/S7pG3H 2021-09-18 08:02:02
Twitter Icon @KeoXes AMD Chipset Driver Information Disclosure Vulnerability[CVE-2021-26333]: ift.tt/3hEdj7W #follow & #RT #cybersecurity #infosec 2021-09-18 08:33:44
Twitter Icon @d34dr4bbit CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive dataSecurity Affairs aeternusmalus.wordpress.com/2021/09/18/cve… 2021-09-18 09:35:16
Twitter Icon @_SChmielewski CVE-2021-26333 #AMD Chipset Driver flaw allows obtaining sensitive data @securityaffairs #cybersecurity… twitter.com/i/web/status/1… 2021-09-18 09:55:02
Twitter Icon @ipssignatures The vuln CVE-2021-26333 has a tweet created 0 days ago and retweeted 12 times. twitter.com/iamTdivyesh/st… #pow1rtrtwwcve 2021-09-18 10:06:01
Twitter Icon @d34dr4bbit CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive dataSecurity Affairs aeternusmalus.wordpress.com/2021/09/18/cve… 2021-09-18 10:35:26
Twitter Icon @SecurityNewsbot AMD Chipset Driver Information #Disclosure #Vulnerability [CVE-2021-26333] seclists.org/fulldisclosure… #FullDisclosure 2021-09-18 12:45:08
Twitter Icon @RedPacketSec CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data - redpacketsecurity.com/cve-2021-26333… #Hacking #OSINT… twitter.com/i/web/status/1… 2021-09-18 16:03:18
Twitter Icon @ChiNetworks Chipmaker #AMD has addressed a #vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacke… twitter.com/i/web/status/1… 2021-09-19 00:03:00
Twitter Icon @reach2ratan CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data dlvr.it/S7sbxw #CyberSecurity… twitter.com/i/web/status/1… 2021-09-19 15:30:32
Twitter Icon @SecurityNewsbot CVE-2021-26333 AMD Chipset Driver #flaw allows obtaining sensitive data securityaffairs.co/wordpress/1223… #SecurityAffairs 2021-09-19 16:15:09
Twitter Icon @NormanOre CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data Chipmaker AMD has addressed a vulnerability… twitter.com/i/web/status/1… 2021-09-20 00:48:30
Twitter Icon @barryshess CVE-2021-26333 - ZeroPeril Blog #AMD #chipset #cybersecurity #vulnerabilities bit.ly/3kj3azo 2021-09-20 18:19:48
Twitter Icon @BrainiumIT To know more about the report of AMD Chipset Driver Information Disclosure Vulnerability, visit the link. zeroperil.co.uk/cve-2021-26333/ 2021-09-21 05:35:52
Twitter Icon @CVEreport CVE-2021-26333 : An information disclosure vulnerability exists in AMD Platform Security Processor PSP chipset dr… twitter.com/i/web/status/1… 2021-09-21 11:03:12
Twitter Icon @webistore Уязвимость CVE-2021-26333 в драйверах чипсетов AMD - webistore.ru/zhelezo/uyazvi… https://t.co/kOumIvTkN8 2021-09-21 13:25:17
Twitter Icon @0_exploit CVE-2021-26333 dlvr.it/S80hlX 2021-09-21 16:59:03
Twitter Icon @ryanyates1990 Not seen this widely shared but CVE-2021-26333 impacts a number of AMD chips A simple driver update is all you nee… twitter.com/i/web/status/1… 2021-09-21 22:25:06
Twitter Icon @NRG_fx CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data #security #privacy #group securityaffairs.co/wordpress/1223… 2021-09-22 05:54:10
Twitter Icon @infomgmttoday Check out this great post: CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data by… twitter.com/i/web/status/1… 2021-09-24 15:35:01
Twitter Icon @eyalestrin AMD Chipset Driver Information Disclosure Vulnerability (CVE-2021-26333) ift.tt/39CuQci 2021-09-25 09:02:46
Twitter Icon @pressebanknet CVE-2021-26333 – Fehler im AMD PSP-Chipsatz betrifft Millionen von Computern duthel.info/cve-2021-26333… 2021-10-02 07:11:09
Reddit Logo Icon /r/InfoSecNews CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data 2021-09-18 00:45:12
Reddit Logo Icon /r/lowlevel CVE-2021-26333 - AMD Chipset Driver Information Disclosure Vulnerability 2021-09-18 11:27:53
Reddit Logo Icon /r/AMD_Technology_Bets AMD Ryzen Owners Update Your Drivers ASAP To Patch This Password Stealing Exploit 2021-09-19 00:17:45
© CVE.report 2021 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report