Intel’s CPUs had 16 reported vulnerabilities in 2021, indicating that it had fewer newly identified problems than AMD’s chips, which had 31. Intel, on the other hand, admittedly led to both the number of graphical faults and the total number of flaws. Surprisingly, roughly half of Intel’s new GPU flaws are due to an AMD graphics component used in Intel’s chips.
The figures come from Intel’s new product security report for 2021, which includes information on not only the number of vulnerabilities but also how Common Vulnerabilities and Exposure (CVE) reports are classified and Intel’s bug bounty program.
In 2021, Intel claimed that their CPUs had 16 security weaknesses, six of which were discovered by researchers through the company’s bug bounty program and the other 10 discovered internally. (At first, the chart only showed ten CPU vulnerabilities, which didn’t match the language in the document, but Intel remedied the error once we alerted them.) On the graphics front, Intel discovered 15 issues internally, while the reward campaign discovered 36.
Because Intel’s GPUs are usually embedded in its CPUs, it’s difficult to match these perfectly. Except for the Intel Xe DG1, Intel is still mostly focused on integrated graphics, which are graphics that are built into the processor.
However, before AMD can be declared the winner in GPU security, Intel points out that the CVE INTEL-SA-00481 for Intel Core Processors with Radeon RX Vega M graphics contains 23 vulnerabilities for AMD components. Those appear to be for Intel’s Kaby Lake-G CPUs, which combined Intel’s 8th Gen Core processors with AMD’s Radeon graphics and appeared in laptops like the Dell XPS 15 2-in-1 and the “Hades Canyon” NUC. While the vulnerabilities were on Intel’s side because they were on Intel’s chip, they were on AMD’s side of the technology.
Intel relied solely on external research for information on AMD’s statistics, which spanned the months of May to December 2021. In 2021, it claims to have discovered no CVEs linked to AMD’s internal research.
In time for publication, AMD did not respond to a request for comment. However, if we hear anything, we’ll update this report. In particular, Intel’s graphics processing processors had the most CVEs in 2021. With 34 vulnerabilities each, Ethernet and software vulnerabilities are tied for second place.
Intel claims that its security research discovered 50% of vulnerabilities, with the bug bounty program catching the other 43%. The remaining 7% originates from open source projects and organizations that are unable to participate in the bounty program.
Intel’s latest security project, Project Circuit Breaker, was launched yesterday, and it builds on the bounty program by inviting researchers to hacking events and giving them access to new and upcoming firmware, chipsets, GPUs, and more.
The whole report contains a lot more information, such as which researchers received the largest bounty awards (most are anonymous or pseudonymous) and further breakdowns on which vulnerabilities were discovered internally versus outside by Intel.
Intel, for example, offered a breakdown of the severity of newly identified vulnerabilities that affect their products, but AMD’s products did not receive the same treatment. Furthermore, the list of vulnerabilities only includes those discovered in 2021 for both organizations, not the whole accounting over the previous many years.
also read:
