Intel bug report singles out AMD for part of GPU vulnerabilities

Intel recently released its 2021 Product Security Report, and it’s a doozy. The report takes a look at all the bugs, vulnerabilities and the like that have impacted Intel products throughout the year, and numbers-wise, there are a lot of interesting numbers to note. But more importantly, it’s a look at how Intel stacks up against AMD when it comes to “which products are more secure than which,” and how Intel and AMD’s brief camaraderie may have leads to the biggest weak point in both companies’ armor.

In 2021, Intel reported a total of 226 vulnerabilities in its product stack, ranging from bugs in Ethernet products to FPGAs and everything in between. The majority of these bugs were discovered by Intel, although bug bounty programs and other organizations account for many of the reported vulnerabilities.

Screenshot of Intel 2021 bug report showing CVE counts by product category

(Image credit: Intel)

The biggest source of these vulnerabilities are Intel’s GPU products, which totaled 52 in 2021. Then it’s a link between Ethernet products and software for the second, both claiming 34 bugs throughout the year. ‘year.

If you dive deeper into Intel’s GPU vulnerability stats, however, and duly noted by our friends at Tom’s Hardware, you’ll find that many of its GPU vulnerabilities are tied to a handful of processors: Intel Core processors. 8th Generation with Radeon RX Vega Graphics.

And that more than half of Intel’s GPU vulnerabilities have actually been reported in AMD’s software.

This stems from a brief cooperation between Intel and AMD, in which Intel provided its Kaby Lake Core processor architecture alongside AMD-supplied Radeon RX Vega M graphics. The resulting Kaby Lake G chips formed the basis of a handful of products when they were released in 2018, although the most interesting was the Intel Hades Canyon gaming NUC.

This Hades Canyon NUC was a pretty nifty little machine at the time, and it worked great for me as a low-profile streaming box. Although the Intel and AMD experience from which it was born never went further.

Screenshot of the 2021 Intel Bug Report showing bug discoveries in 2021 compared to previous years

(Image credit: Intel)

However, the burden of fixing bugs still rests on Intel and AMD’s shoulders – these processors are a poisoned gift for Intel and AMD, even in 2021.

Of the 52 vulnerabilities found in Intel’s GPU stack, 23 of them are related to Intel Core processors with Radeon RX Vega M graphics. Of these 23 bugs, AMD is assigned 22, which are found for the most in Radeon graphics drivers for Windows. The Radeon Software Installer is also noted to contain exploitable code.

(Image credit: Intel)

The report says AMD had 27 graphics vulnerabilities reported in 2021, which is significantly fewer than Intel’s 51. Intel however states that it does not directly report bugs found by AMD and only has access to those reported between May and December 2021.

Ultimately, however, the responsibility rests with both companies to ensure their products are safe, and that includes projects such as Kaby Lake G which have since been abandoned.

This has been done as well, as AMD outlines mitigations for the CVEs listed in AMD-SB-1000.

Moving on to processors, Intel claims 16 newly discovered processor vulnerabilities in 2021. This is a combination of those discovered by Intel (10) and through its bug bounty program (6).

AMD had 31 vulnerabilities according to the report, but again, this only counts those discovered externally and reported during the given time period.

Both companies have appeared to be stepping up their security efforts recently, mostly in the wake of major vulnerabilities such as Meltdown and Spectre. Every year, it’s more important than ever to do so, as rarely does a month go by without a hack, robbery or black hat incident.

However, my main takeaway from this report is that Intel and AMD are unlikely to want to work together on future projects.

Comments are closed.