Intel bug report points finger at AMD for a chunk of GPU vulnerabilities

intel-bug-report-points-finger-at-amd-for-a-chunk-of-gpu
vulnerabilities

Intel recently published its 2021 Product Security Report, and it’s a doozy. The report dives into all the bugs, vulnerabilities, and more that impacted Intel’s products across the year, and from a numbers perspective, there are a lot of interesting figures to note. Most of all, though, it’s a glimpse of how Intel stacks up versus AMD when it comes to ‘whose products are safer than whose’, and how Intel and AMD’s brief comradeship may have led to the largest weak spot in both companies’ armour.

In 2021, Intel reported a total of 226 vulnerabilities in its product stack, ranging from bugs in ethernet products to FPGAs and everything in between. The majority of these bugs were discovered by Intel, though bug bounty programs and other organisations account for a hefty number of the vulnerabilities reported.

Intel bug report 2021 screenshot showing CVE count by product category graph

(Image credit: Intel)

The single largest source of these vulnerabilities are Intel’s GPU products, which totalled 52 in 2021. Then it’s a tie between ethernet products and software for second, both claiming 34 bugs throughout the year.

If you dive further into Intel’s GPU vulnerability stats, however, and duly noted by our friends at Tom’s Hardware, you’ll find that a large number of its GPU vulnerabilities are related to just a handful of processors: 8th Gen Intel Core processors with Radeon RX Vega graphics. 

And that more than half of Intel’s GPU vulnerabilities were in fact reported in AMD’s software.

This stems from a brief stint of cooperation between Intel and AMD, in which Intel provided its Kaby Lake Core CPU architecture alongside AMD-provided Radeon RX Vega M graphics. The resulting Kaby Lake G chips formed the basis for a handful of products when they were released in 2018, though the big one of interest is the Intel Hades Canyon gaming NUC

This Hades Canyon NUC was a pretty nifty little machine at the time, and it worked great for me as a discrete streaming box. Though the Intel and AMD experiment it was born out of never went any further.

Intel bug report 2021 screenshot showing bug discoveries in 2021 versus previous years

(Image credit: Intel)

The burden of bug fixing still falls on Intel and AMD’s shoulders, however—these processors are a poisoned chalice for both Intel and AMD, even in 2021.

Of the 52 vulnerabilities found in Intel’s GPU stack, 23 of them are related to the Intel Core processors with Radeon RX Vega M graphics. Of these 23 bugs, AMD is assigned 22 of them, which for the most part are found in the Radeon graphics drivers for Windows. The Radeon software installer also is noted as containing exploitable code.

Intel bug report 2021 screenshot showing bug discoveries in 2021 versus AMD

(Image credit: Intel)

The report states AMD had 27 graphics vulnerabilities reported in 2021, which is notably fewer than Intel’s 51. Intel does, however, state that it doesn’t report bugs found by AMD directly and only has access to those reported between May and December 2021.

Ultimately, though, the responsibility falls on both companies to make sure their products are safe, and that includes projects such as Kaby Lake G that have since been thrown aside. 

That’s what’s been done, too, as AMD outlines the mitigations for the CVE’s listed in AMD-SB-1000.

Cooling off

Cooler Master MasterLiquid ML360R and EK-AIO Basic 240 CPU coolers on a two-tone grey background

(Image credit: Cooler Master, EKWB)

Best AIO cooler for CPUs: All-in-one, and one for all… components.
Best CPU air coolers: CPU fans that don’t go brrr.

On to CPUs and Intel is claiming 16 newly discovered CPU vulnerabilities in 2021. That’s a combination of those discovered by Intel (10) and through its bug bounty program (6).

AMD had 31 vulnerabilities according to the report, though again that’s only counting those discovered externally and reported during the given timeframe.

Both companies have recently appeared to ramp up efforts in security, most of all following major vulnerabilities such as Meltdown and Spectre. Each year it’s more important than ever to do so, too, as rarely a month goes by without some incident of hacking, heisting, or black hatting.

My main takeaway from this report, however, is that Intel and AMD probably won’t want to work together on any future projects.

You Might Also Like

Leave a Reply