Intel, AMD, and Nvidia have published security advisories describing vulnerabilities found recently in their products.
Intel, which typically publishes advisories on a quarterly schedule, has released 30 new advisories to inform customers about more than 60 vulnerabilities.
The chip giant fixed high-severity vulnerabilities in Xeon processors, Slim Bootloader for Xeon and Core processors, PROSet, Computing Improvement Program (CIP), Processor Identification Utility, Graphics, and QuickAssist Technology (QAT).
These security holes can be exploited for denial-of-service (DoS) attacks and privilege escalation.
Intel patched medium- and low-severity issues in Server Configuration Utility, Display Virtualization, NPU drivers, SigTest, CIP, One Boot Flash Update, Processor Identification Utility, Instrumentation and Tracing Technology API, VTune Profiler, Graphics, System Support Utility, Driver & Support Assistant, and Rapid Storage Technology products.
Medium- and low-severity flaws have also been resolved in FPGA Support Package for oneAPI, Neural Compressor, oneAPI Math Kernel Library, QAT, Gaudi, Thread Director Visualizer, ESXi drivers for 800 Series Ethernet, Killer, System Event Log, Distribution for Python software installer, MPI Library, Assistive Context-Aware Toolkit, PresentMon, and Thermal Innovation Platform Framework Extension Provider products.
These vulnerabilities can lead to privilege escalation, DoS, and information disclosure.
AMD published six new advisories describing a total of 14 vulnerabilities. A high-severity issue impacting Kria and Zynq devices “could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SoC”.
High-severity vulnerabilities that could lead to information disclosure, denial of service, and possibly code execution have been addressed in Xilinx Run Time (XRT) drivers.
High-severity privilege escalation issues that could result in arbitrary code execution have been found in AMD StoreMi. The vendor is not releasing any patches or mitigations because the product has been discontinued.
The company fixed two vulnerabilities in the AMD μProf tool that can lead to a denial of service.
In addition, AMD patched a medium-severity data integrity compromise issue affecting some Epyc CPUs, and informed customers about plans to fix a low-severity issue related to secure flag usage in Versal and Alveo products.
Nvidia published four new advisories covering a total of six vulnerabilities impacting its AI products. Two high-severity flaws that can be exploited for code execution, privilege escalation, information disclosure, or data tampering have been addressed in the NeMo AI framework.
One high-severity issue that can have a similar impact has been addressed in the Megatron LM LLM training framework.
One high-severity vulnerability that can lead to privilege escalation, data tampering, and information disclosure has been fixed in the AIStore AI application storage system. A medium-severity information disclosure issue was patched in the same product.
In addition, a medium-severity DoS flaw was fixed in the Triton Inference Server for Linux and Windows.

