Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Intel, AMD Patch High Severity Security Flaws

Chipmakers Intel and AMD this week released patches for multiple security vulnerabilities in a wide range of product lines, including fixes for a series of high-risk issues in software drivers.

Chipmakers Intel and AMD this week released patches for multiple security vulnerabilities in a wide range of product lines, including fixes for a series of high-risk issues in software drivers.

AMD published three bulletins this week documenting at least 27 security problems in the AMD Graphics Driver for Windows 10.

Exploitation of these flaws could allow an attacker to escalate privileges on a vulnerable system, leak information, bypass KASLR, cause a denial of service condition, or write arbitrary data to kernel memory, the company said.

AMD rated 18 of vulnerabilities as high-severity, while the remaining 9 are considered medium-risk. Some of these issues were identified and reported last year, and all are addressed with the release of Radeon software 21.4.1 and higher, and 21.Q2 Enterprise Driver.

[READ: Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs ]

Separately, Intel published a total of 25 advisories this week with patches for many of these vulnerabilities are also available for Intel Core processors with Radeon RX Vega M GL integrated graphics.

The flaws impact Intel Core i5-8305G and i7-8706G processors that feature AMD’s integrated graphics, as well as the Intel graphics driver for Windows 10 64-bit for NUC8i7HNK and NUC8i7HVK. Intel said Version 21.10 or later of these drivers address the bugs.  

Intel also shipped patches for high severity vulnerabilities in PROSet/Wireless WiFi and Killer WiFi, Solid State Drive (SSD) Data Center (DC) products, SoC Watch driver, and Intel processors.

Advertisement. Scroll to continue reading.

Adversaries could exploit these vulnerabilities to cause a denial of service condition, escalate privileges, or leak information, the company said.

Related: Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs

Related: Intel Fixes Bugs in NUC 9 Extreme Laptops, Ethernet Linux Drivers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.