Vulnerabilities > CVE-2021-26333 - Missing Initialization of Resource vulnerability in AMD Chipset Driver and PSP Driver

047910
CVSS 4.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
local
low complexity
amd
CWE-909

Summary

An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.

Vulnerable Configurations

Part Description Count
Application
Amd
2

Common Weakness Enumeration (CWE)