Chipmakers Intel and AMD Release Patches to Address New Microarchitectural Vulnerabilities


Chipmakers Intel and AMD have issued a series of security advisories on Patch Tuesday, addressing a total of 10 vulnerabilities affecting their products.

Intel released eight advisories, with two highlighting high-severity issues. The first concerns a local privilege escalation vulnerability affecting BIOS firmware on certain Intel processors. The second high-severity flaw impacts the on-chip debug and test interface of specific 4th-generation Intel Xeon processors, particularly when utilizing SGX or TDX technology.

The remaining nine vulnerabilities carry medium to low severity ratings and affect various processors. These vulnerabilities could potentially lead to information disclosure, denial of service, and local privilege escalation.

Among Intel's advisories is one addressing the Register File Data Sampling (RFDS) vulnerability (CVE-2023-28746), discovered internally by Intel. RFDS affects only Atom processors and could allow a local attacker to access sensitive data from memory. Although similar to previously disclosed Microarchitectural Data Sampling (MDS) flaws, Intel notes that there are currently no known practical RFDS value injection transient execution attacks.

Intel's advisories also cover several medium- and low-severity vulnerabilities, affecting components such as the Converged Security Management Engine (CSME) installer, Local Manageability Service software, and Server Platform Services (SPS). Intel has released microcode updates and other patches to address these vulnerabilities.

Meanwhile, AMD has published two advisories. The first addresses the newly disclosed microarchitectural vulnerability called GhostRace, which impacts major CPU manufacturers, including AMD, as well as Linux and other software. Notably, Intel did not mention GhostRace in its recent advisories, despite providing financial support for the project.

The second AMD advisory pertains to a WebGPU browser-based GPU cache side-channel attack method, the details of which are expected to be disclosed soon by academic researchers. AMD states that it does not believe any exploit against its products has been demonstrated by these researchers.

Overall, these advisories underscore the ongoing efforts of chipmakers to address security vulnerabilities and protect users from potential threats.