Intel, AMD Patch High Severity Security Flaws

Chipmakers Intel and AMD this week released patches for multiple security vulnerabilities in a wide range of product lines, including fixes for a series of high-risk issues in software drivers.

AMD published three bulletins this week documenting at least 27 security problems in the AMD Graphics Driver for Windows 10.

Exploitation of these flaws could allow an attacker to escalate privileges on a vulnerable system, leak information, bypass KASLR, cause a denial of service condition, or write arbitrary data to kernel memory, the company said.

AMD rated 18 of vulnerabilities as high-severity, while the remaining 9 are considered medium-risk. Some of these issues were identified and reported last year, and all are addressed with the release of Radeon software 21.4.1 and higher, and 21.Q2 Enterprise Driver.

[READ: Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs ]

Separately, Intel published a total of 25 advisories this week with patches for many of these vulnerabilities are also available for Intel Core processors with Radeon RX Vega M GL integrated graphics.

The flaws impact Intel Core i5-8305G and i7-8706G processors that feature AMD’s integrated graphics, as well as the Intel graphics driver for Windows 10 64-bit for NUC8i7HNK and NUC8i7HVK. Intel said Version 21.10 or later of these drivers address the bugs.  

Intel also shipped patches for high severity vulnerabilities in PROSet/Wireless WiFi and Killer WiFi, Solid State Drive (SSD) Data Center (DC) products, SoC Watch driver, and Intel processors.

Adversaries could exploit these vulnerabilities to cause a denial of service condition, escalate privileges, or leak information, the company said.

Related: Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs

Related: Intel Fixes Bugs in NUC 9 Extreme Laptops, Ethernet Linux Drivers

view counter

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:
Tags:

https://www.securityweek.com/intel-amd-patch-high-severity-security-flaws