cve/2021/CVE-2021-26333.md

### [CVE-2021-26333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26333)
![](https://img.shields.io/static/v1?label=Product&message=PSP%20Driver&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=PSP%20Driver%3C%205.17.0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen)

### Description

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.

### POC

#### Reference
- http://packetstormsecurity.com/files/164202/AMD-Chipset-Driver-Information-Disclosure-Memory-Leak.html
- http://seclists.org/fulldisclosure/2021/Sep/24

#### Github
- https://github.com/ARPSyndicate/cvemon