March 13, 2024 at 12:51PM
Intel and AMD released 10 new security advisories on Patch Tuesday. Intel’s advisories include 8 new issues, with 2 high-severity vulnerabilities impacting BIOS firmware and 4th Generation Xeon processors. They also address medium and low-severity vulnerabilities affecting processors. The company has released microcode updates to mitigate these issues. AMD’s advisories cover the GhostRace vulnerability and a WebGPU browser-based GPU cache side-channel attack.
From the meeting notes, it is evident that both Intel and AMD have released security advisories to address vulnerabilities in their products.
Intel has published eight new advisories, including two high-severity vulnerabilities. One vulnerability impacts the BIOS firmware for some Intel processors, while the second affects the on-chip debug and test interface in some 4th Generation Intel Xeon processors. The remaining nine issues have low or medium severity ratings, impacting processors and posing risks such as information disclosure, denial of service, and local privilege escalation.
Furthermore, Intel has addressed a specific information disclosure vulnerability, tracked as CVE-2023-28746, which impacts only Atom processors. Named Register File Data Sampling (RFDS), this microarchitectural vulnerability allows a local attacker to obtain potentially sensitive data from memory.
In response to these vulnerabilities, Intel has released microcode updates and patches to mitigate the risks. It’s notable that many of the identified flaws were internally discovered by Intel, which patching a total of 353 security holes last year.
On the other hand, AMD has presented two advisories, one addressing the newly disclosed microarchitectural vulnerability called GhostRace, which impacts all major CPU makers and software including Linux. The second advisory covers a WebGPU browser-based GPU cache side-channel attack method, for which AMD does not believe that any exploit against its products has been demonstrated by researchers.
It’s worth mentioning that despite financially supporting the GhostRace project, Intel did not mention it in its latest advisories.
Both companies have taken proactive measures to address the security vulnerabilities in their products, reaffirming their commitment to addressing potential threats and maintaining the integrity of their offerings.