On May 2026’s Patch Tuesday, leading chip manufacturers Intel and AMD released updates to address a total of 70 vulnerabilities across their various product lines. This significant security measure aims to bolster defenses against potential cyber threats.
Intel’s Critical and High-Severity Fixes
Intel issued 13 advisories detailing 24 security flaws. Among these, a critical vulnerability, identified as CVE-2026-20794 with a CVSS score of 9.3, was highlighted. This issue involves a buffer overflow in the Data Center Graphics Driver for VMware ESXi, which could allow attackers to escalate privileges or execute arbitrary code.
Additionally, Intel’s updates include resolutions for high-severity issues such as out-of-bounds write and read errors. These could potentially lead to denial-of-service (DoS) scenarios or cause data corruption and unauthorized data disclosure.
Further vulnerabilities were patched in Intel’s Vision software, Endpoint Management Assistant (EMA), UEFI firmware for the Slim Bootloader, and the QuickAssist Technology (QAT) software drivers for Windows. These fixes aim to prevent potential DoS conditions, privilege escalation, and arbitrary code execution.
AMD’s Comprehensive Security Measures
AMD released 15 advisories covering 45 vulnerabilities, focusing on both critical and high-severity issues. The most severe flaw, tracked as CVE-2026-0481 with a CVSS score of 9.2, affects the AMD Device Metrics Exporter within the ROCm ecosystem. This vulnerability could allow unauthorized access to the GPU-Agent gRPC server due to unrestricted IP address binding.
AMD addressed high-severity vulnerabilities in its Secure Processor (ASP), general-purpose input/output controller (GPIO), and various other components including the Revenera InstallShield, Ionic cloud driver for ESXi, and RAID driver. These patches are designed to mitigate risks of privilege escalation and unauthorized code execution.
Impact and Future Outlook
Both Intel and AMD’s efforts underscore the critical need for continual vigilance in cybersecurity. By addressing these vulnerabilities, they aim to enhance the security posture of their products against potential exploitation.
Looking ahead, users and organizations are encouraged to apply these updates promptly to ensure protection against these newly disclosed vulnerabilities. Regular patching remains a vital component of an effective cybersecurity strategy.
