Connect with us

Hi, what are you looking for?


Endpoint Security

Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities

Intel and AMD have informed their customers about a total of more than 130 vulnerabilities found in their products.

CPU Patch Tuesday

Chipmakers Intel and AMD both released security advisories this Patch Tuesday, informing customers about a total of more than 130 vulnerabilities found in their products. 


Intel has published 31 advisories covering roughly 105 vulnerabilities. One of the most interesting flaws patched by Intel this week is a CPU flaw discovered internally by the company and independently by Google researchers.

Dubbed Reptar and tracked as CVE-2023-23583, the security hole can allow an attacker with access to a guest machine in a multi-tenant virtualized environment to cause the host machine and other guest machines on the same host to crash. The vulnerability could potentially also lead to information disclosure or privilege escalation.

Intel also informed customers on Tuesday about a critical vulnerability — with a CVSS score of 10 — affecting Data Center Manager (DCM) software. The flaw, tracked as CVE-2023-31273, can allow an unauthenticated attacker to escalate privileges via network access.

In addition to the one describing Reptar, nine of the company’s latest advisories address high-severity vulnerabilities, including in oneAPI, Server Board and Server System BIOS firmware, QuickAssist Technology (QAT), NUC software, One Boot Flash Update (OFU) software, Connectivity Performance Suite software, In-Band Manageability software, and Unison software. 

The remaining advisories describe medium- and low-severity vulnerabilities. 


Advertisement. Scroll to continue reading.

AMD on Tuesday published five new security advisories to inform customers about a total of 27 vulnerabilities. 

One of the advisories covers CVE-2023-20592, aka CacheWarp, a new AMD CPU vulnerability that can pose a risk to virtual machines (VMs), potentially allowing attackers to hijack control flow, break into an encrypted VM, and escalate privileges. The weakness impacts AMD Secure Encrypted Virtualization (SEV).

The company has also informed customers about security holes found in Secure Processor (ASP), System Management Unit (SMU) and other components, including four high-severity issues that could lead to arbitrary code execution or privilege escalation.

A different advisory covers a high-severity flaw in SMM Supervisor, which attackers may be able to exploit for arbitrary code execution. 

Ten server vulnerabilities affecting components such as ASP, SMU and SEV were also addressed, including a high-severity issue that can lead to code execution.

In graphics drivers, AMD fixed four medium-severity flaws that could allow an attacker to execute arbitrary code or cause a DoS condition.

Related: Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities

Related: Retbleed: New Speculative Execution Attack Targets Intel, AMD Processors

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.