Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

AMD PSP Affected By Vulnerability

Written by Michael Larabel in AMD on 5 January 2018 at 03:47 PM EST. 83 Comments

AMD

While all eyes have been on Intel this week with the Spectre and Meltdown vulnerabilities, a disclosure was publicly made this week surrounding AMD's PSP Secure Processor in an unrelated security bulletin.

AMD's Secure Processor / Platform Security Processor (PSP) that is akin to Intel's Management Engine (ME) is reportedly vulnerable to attack.

A member of Google's Cloud Security Team discovered through static analysis that a function in PSP's firmware TPM code is vulnerable to a stack-based overflow due to missing bounds checks. Submitting a specially-crafted certificate to the fTPM trustlet code can lead to an overflow and then full control on the program counter.

Google reported this issue to the AMD Security Team in September and then in December began rolling out a software fix. Following the 90-day disclosure process, the information was made public here.

Update: Contrary to the original security notice, AMD has now confirmed to us this vulnerability isn't subject to remote code execution.

83 Comments

Related News

AMD's GPUOpen Releases Updated RGP, RGA & RMV Tools For Developers

AMD ZenDNN 4.1 Released For Speeding Up Deep Learning Inference On Ryzen / EPYC CPUs

AMD Versal HBM Adaptive SoCs Enter Production

Expanded Platform Support For AMD Dynamic Boost Control Being Worked On For Linux

AMD UIF 1.2 Released With Initial Radeon GPU Support

AMD Preferred Core Patches Updated For Linux

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

The Maintainer Of The NVIDIA Open-Source "Nouveau" Linux Kernel Driver Resigns

Valve Is A Wonderful Upstream Contributor To Linux & The Open-Source Community

GCC Preparing To Introduce "-fhardened" Security Hardening Option

Intel To Further Collaborate With Red Hat, Canonical & SUSE For Intel-Optimized Linux Distros

Ubuntu 23.04 & 22.04.3 Installs Haven't Been Following Their Own Security Best Practices

SteamOS 3.5 Rolls Out In Preview On The Steam Deck With Many New Features

ReactOS "Open-Source Windows" Shown Running On Valve's Steam Deck

Microsoft Releases A Big Update To Windows Subsystem For Linux, New Experimental Options