Chipmakers Intel, AMD and Nvidia on Tuesday published new security advisories to inform customers about vulnerabilities found recently in their products. 

Intel

Intel, which in 2024 patched a total of 374 vulnerabilities, published 34 new advisories on Tuesday. 

Only one advisory has an overall severity rating of ‘critical’. It describes Server Board BMC vulnerabilities that can lead to privilege escalation, information disclosure and denial of service (DoS).

Intel Server Board products are affected by a critical unauthenticated privilege escalation issue introduced by the use of AMI BMC firmware. In addition, Server Board products are impacted by two high-severity privilege escalation issues, and two medium-severity bugs that can allow DoS attacks and information disclosure.

Ten of Intel’s new advisories describe high-severity vulnerabilities, including ones affecting Driver Support Assistant (privilege escalation), processor UEFI firmware (privilege escalation and information disclosure), QuickAssist (privilege escalation), chipset firmware (DoS), System Security Report and System Resource Defense (privilege escalation), Battery Life Diagnostic Tool (privilege escalation), PROSet/Wireless WiFi and Killer WiFi (DoS), Graphics software (privilege escalation), and Memory Latency Checker (DoS).

Intel patched medium- and low-severity issues in processors, as well as in 800 series Ethernet driver, Graphics Performance Analyzer, Thread Director Visualizer, Quartus Prime, RealSense, Ethernet Port Configuration Tool, FPGA Support Package, Extreme Tuning Utility, High Level Synthesis Compiler, SGX, Advisor, MPI Library for Windows, Data Streaming Accelerator, Chipset Software Installation Utility, Driver & Support Assistant, Ethernet Adapter Complete Driver Pack, Server Platform Services, Video Processing Library, Wireless Bluetooth and Killer Bluetooth, and Ethernet Connection I219 series products.

These medium- and low-severity flaws can allow privilege escalation, information disclosure, and DoS attacks. 

AMD

AMD has also published new advisories on Patch Tuesday, significantly more than in a typical month. 

The chipmaker has released 11 new advisories. Some of them describe server, client and embedded processor vulnerabilities, including several high-severity flaws that attackers may be able to exploit for arbitrary code execution. 

These vulnerabilities are caused by improper input validation in the SMM (System Management Mode) handler, and AMD has also published two separate advisories addressing other high-severity issues related to SMM.

The company has also published separate advisories for graphics driver and GPU issues, a majority potentially leading to DoS or data corruption. 

AMD customers were also informed on Tuesday about DLL hijacking vulnerabilities in AMD Integrated Management Technology (AIM-T) and Ryzen Master Utility, which could allow privilege escalation and code execution.

Another high-severity flaw that could allow arbitrary code execution was identified in the AMD Desktop and mobile Architecture for System Hardware (DASH) command line interface.

AMD has also addressed a recent side-channel attack method named ZenLeak, discovered by researchers at Wuhan University. The company noted that existing mitigations for prime and probe attacks are applicable to ZenLeak as well. 

Nvidia

Nvidia on Tuesday published four new security advisories. One of them describes a high-severity vulnerability in Container Toolkit and GPU Operator, which could allow arbitrary code execution, privilege escalation, DoS attacks, information disclosure, and data tampering. 

Another high-severity vulnerability with similar potential impact was patched by Nvidia in the Jetson AGX Orin and IGX Orin series products. 

One medium-severity security hole that can lead to a DoS condition has been fixed in Nvidia’s Triton Inference Server, and four medium-severity bugs that could lead to data tampering and code execution have been patched in the nvJPEG2000 library.

Related: Intel Warns of 20+ Vulnerabilities, Advises Firmware Updates

Related: Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities

Related: Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities