In the calendar year 2024, Intel patched a total of 374 vulnerabilities in software, firmware, and hardware products, and paid bug bounty rewards for roughly half of them.
The largest number of bugs resolved last year (272) were found in software such as utilities (146), drivers (68), applications (35), SDKs (9), toolkits (8), and NUC appliances (5), Intel notes in its latest product security report.
The company also resolved 81 flaws in firmware in 2024, with UEFI (30), NUC BIOS (19), networking products (10) and chipsets (8) being impacted the most.
Last year, Intel patched 21 hardware vulnerabilities, including processors, Intel SGX, and side-channel issues, all discovered internally.
The total number of security defects resolved last year was 6% higher compared to 2023, but Intel says the number of flaws discovered and mitigated through its proactive efforts has increased as well, to 94% for firmware bugs and 92% for software issues.
According to the company, bug bounty rewards were handed out for 53% of the 374 vulnerabilities resolved in 2024, with most of the rewards (84%) being paid for software flaws. The remaining 16% were paid out for firmware defects.
In recent years Intel has no longer shared information on the bug bounty amounts it has paid out.
Intel’s report also shows that UEFI was the top bug bounty product category last year, followed by Power Gadget, NUC, NUC BIOS, and networking components.
The tech giant also notes that it reported 52 platform firmware vulnerabilities, seven issues in its hardware root-of-trust firmware, and 10 GPU flaws last year.
To keep products patched, the company relies on a quarterly process of rolling out updates in microcode, firmware, and system BIOS, which also enables partners to validate and integrate the fixes on a predictable schedule.
Related: Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories
Related: New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs
Related: Intel Warns of 20+ Vulnerabilities, Advises Firmware Updates
Related: Intel Says No New Mitigations Required for Indirector CPU Attack
