Security bug in AMD PSP firmware

By: Adrian (a.delete@this.acm.org), June 25, 2019 8:38 pm
Room: Moderated Discussions


Due to a firmware bug, the private encryption keys can be extracted from the AMD PSP, unless the PSP firmware is updated to a corrected version.


https://seclists.org/fulldisclosure/2019/Jun/46



This bug is a typical case of lack of validation of the input from the user.


It was very easy to fix, but it shows once more an example of the practice that is unfortunately common to almost all companies, where they omit to hire some cryptography expert to audit their cryptography code.


This vulnerability was well known since almost 20 years ago and any expert would have verified if the firmware includes a check for it.




 Next Post in Thread >
TopicPosted ByDate
Security bug in AMD PSP firmwareAdrian2019/06/25 08:38 PM
  Security bug in AMD PSP firmwareSeeYouSeeMe2019/06/26 07:50 AM
    Won't happen, not realisticanonymous22019/06/26 09:10 AM
      Won't happen, not realisticdmcq2019/06/27 01:38 AM
    Security bug in AMD PSP firmwareDavid Hess2019/07/02 10:20 AM
Reply to this Topic
Name:
Email:
Topic:
Body: No Text
How do you spell green?