Intel says its processors have fewer new bugs than AMD, nearly half of its GPU bugs come from AMD
Intel said its processors faced 16 reported vulnerabilities in 2021, meaning it has fewer newly discovered flaws than AMD’s processors, which faced 31 flaws. However, Intel admittedly led in the number of graphics defects and in the total number of defects. Interestingly, nearly half of Intel’s new GPU vulnerabilities stem from an AMD graphics component that Intel uses in its own chips.
The figures come from Intel’s new Product Security Report 2021, which provides statistics on the number of vulnerabilities, shows how Common Vulnerabilities and Exposures (CVE) reports are ranked, and gives information on Intel’s bug bounty program.
Intel says its processors faced 16 security flaws in 2021, six of which were detected by researchers through its bug bounty program, while the remaining ten were found within the company. (The graph originally showed only ten CPU vulnerabilities, which did not match the text of the document, but Intel fixed it after being notified of the discrepancy.) For graphics, Intel found 15 bugs internally, while 36 were found via the bounty initiative.
It’s hard to compare them exactly, because in most cases Intel’s GPUs are built into its processors. With the exception of the Intel Xe DG1, Intel still largely ships integrated graphics.
But before AMD can be crowned the winner of GPU security, Intel notes that CVE INTEL-SA-00481 for Intel Core processors with Radeon RX Vega M graphics includes 23 vulnerabilities in AMD’s components. These appear to be for Intel’s Kaby Lake-G processors, which paired 8th Gen Intel Core processors with AMD’s Radeon graphics and appeared in laptops like the Dell XPS 15 2-in-1 as well as the Hades Canyon NUC. So while these fall on Intel’s side because they were on Intel’s chip, the vulnerabilities were on AMD’s side of the technology.
For its AMD data, Intel relied exclusively on external research, covering May to December 2021. It claims to have found no CVEs attributed to internal AMD research in 2021.
AMD did not respond to a request for comment in time for publication. However, we’ll update this story if we hear anything.
Notably, graphics processing units had the highest number of CVEs for Intel in 2021. Ethernet and software vulnerabilities tied for second place with 34 vulnerabilities each.
Intel says its own security research found 50% of the vulnerabilities, while the bug bounty program found an additional 43%. The remaining 7% comes from open source projects or organizations that cannot participate in the bounty program.
Yesterday Intel announced its latest security initiative, Project Circuit Breaker, which extends the bounty program by inviting researchers to hacking events and providing access to new firmware, chipsets, GPUs, and more.
The full report includes much more information, including which researchers received the highest bounties (most are anonymous or pseudonymous), and provides more breakdowns on vulnerabilities found within Intel versus outside.
Notably, Intel provided a breakdown outlining the severity of newly discovered vulnerabilities affecting its products, but did not share the same type of breakdown for AMD products. Additionally, the list of vulnerabilities only includes those discovered for the two companies in 2021 and does not include a full accounting for recent years.