The issue was this leaking of previously stored data in system memory, due to reusing the system memory without re-initializing it.
> If the userspace application requests to initialise 1 byte,
> the driver will round that up to a full 4096 bytes, and allocate that much memory.
>
> However, it will only initialise the first byte, leaving the rest in its prior state.
> The user can then access the remaining 4095 bytes which have been untouched,
> thus gaining access to the contents of uninitialised memory.
Apparently patched in the currently available latest drivers starting from:
- AMD PSP driver 5.17.0.0
- AMD Chipset Driver 3.08.17.735
https://www.amd.com/en/corporate/product-security/bulletin/a...
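The allocation pattern quoted above, as an added example that is not part of the original thread and is not AMD's driver code: a user-space model in C of a buffer that is rounded up to a page but only initialised for the requested length, next to the variant that clears everything the caller can read. The names `page`, `alloc_buffer` and `stale_bytes_after_alloc` and the 0xA5 leftover pattern are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u

/* Constructed stand-in for one page of system memory that gets reused. */
static unsigned char page[PAGE_SIZE];

/* Round a request up to whole pages, as the quoted description says. */
static size_t round_up_pages(size_t n) {
    return (n + PAGE_SIZE - 1) / PAGE_SIZE * PAGE_SIZE;
}

/* Hand out the page. zero_whole_page == 0 models the described flaw (only the
 * requested bytes are initialised); 1 clears everything the caller can read. */
static size_t alloc_buffer(size_t requested, int zero_whole_page,
                           unsigned char **out) {
    size_t exposed = round_up_pages(requested);
    if (requested == 0 || exposed > sizeof page)
        return 0;                       /* this model holds a single page */
    memset(page, 0, zero_whole_page ? exposed : requested);
    *out = page;
    return exposed;                     /* bytes the caller can access */
}

/* Simulate a previous owner leaving data behind, then count how many bytes
 * of it remain readable through a fresh allocation of `requested` bytes. */
size_t stale_bytes_after_alloc(size_t requested, int zero_whole_page) {
    unsigned char *buf = NULL;
    size_t stale = 0;
    memset(page, 0xA5, sizeof page);    /* constructed leftover contents */
    size_t exposed = alloc_buffer(requested, zero_whole_page, &buf);
    for (size_t i = 0; i < exposed; i++)
        stale += (buf[i] != 0);
    return stale;
}

int main(void) {
    printf("init requested bytes only: %zu stale\n", stale_bytes_after_alloc(1, 0));
    printf("init whole allocation:     %zu stale\n", stale_bytes_after_alloc(1, 1));
    return 0;
}
```

The general rule the model shows is that the length that gets cleared has to be the length that is exposed to the caller, not the length the caller asked for.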
> In short, it’s a coprocessor that has access to just about every part of the computers to which it’s inside. This makes it a prime target for attacks. Introduced around 2013, it’s also entirely closed source, existing as an unknown black box within modern AMD CPUs, which makes the security-conscious highly wary. Operating at a low-level, entirely outside the purview of the main CPU and operating system, the PSP, like the IME, is often considered a potential backdoor into a machine.
[0] - https://en.wikipedia.org/wiki/AMD_Platform_Security_Processo...
[1] - https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-...
[2] - https://www.reddit.com/r/Amd/comments/852s99/q_is_there_any_...
My AMD build machine is sold by MSI for gaming. I don't remember having seen such an option, there are options for overclocking... Cannot double check now, the machine is in the office and I won't be there before it crashes (knocking on wood) or there is some high priority kernel update.
That said...
Don't you have to turn the PSP on (like IME) for it to be vulnerable to exploitation?
> The first part of the problem is when a user makes a call to the AMD driver to allocate some uninitialised memory using the AMD PSP
> The second problem involves calls to the driver to free up contiguous memory space that has previously been allocated.
Surely (LOL) unprivileged code isn't allowed to make these calls?