Intel, AMD, and Nvidia have printed safety advisories describing vulnerabilities discovered just lately of their merchandise.
Intel, which generally publishes advisories on a quarterly schedule, has launched 30 new advisories to tell prospects about greater than 60 vulnerabilities.
The chip big fastened high-severity vulnerabilities in Xeon processors, Slim Bootloader for Xeon and Core processors, PROSet, Computing Enchancment Program (CIP), Processor Identification Utility, Graphics, and QuickAssist Expertise (QAT).
These safety holes will be exploited for denial-of-service (DoS) assaults and privilege escalation.
Intel patched medium- and low-severity points in Server Configuration Utility, Show Virtualization, NPU drivers, SigTest, CIP, One Boot Flash Replace, Processor Identification Utility, Instrumentation and Tracing Expertise API, VTune Profiler, Graphics, System Assist Utility, Driver & Assist Assistant, and Speedy Storage Expertise merchandise.
Medium- and low-severity flaws have additionally been resolved in FPGA Assist Bundle for oneAPI, Neural Compressor, oneAPI Math Kernel Library, QAT, Gaudi, Thread Director Visualizer, ESXi drivers for 800 Sequence Ethernet, Killer, System Occasion Log, Distribution for Python software program installer, MPI Library, Assistive Context-Conscious Toolkit, PresentMon, and Thermal Innovation Platform Framework Extension Supplier merchandise.
These vulnerabilities can result in privilege escalation, DoS, and knowledge disclosure.
AMD printed six new advisories describing a complete of 14 vulnerabilities. A high-severity challenge impacting Kria and Zynq units “may probably enable non-secure processors entry to safe recollections, entry to crypto operations, and the flexibility to activate and off subsystems inside the SoC”. Commercial. Scroll to proceed studying.
Excessive-severity vulnerabilities that might result in info disclosure, denial of service, and probably code execution have been addressed in Xilinx Run Time (XRT) drivers.
Excessive-severity privilege escalation points that might lead to arbitrary code execution have been present in AMD StoreMi. The seller just isn’t releasing any patches or mitigations as a result of the product has been discontinued.
Two vulnerabilities that may result in a denial of service have been fastened by the corporate within the AMD μProf software.
As well as, AMD patched a medium-severity knowledge integrity compromise challenge affecting some Epyc CPUs, and knowledgeable prospects about plans to repair a low-severity challenge associated to safe flag utilization in Versal and Alveo merchandise.
Nvidia printed 4 new advisories overlaying a complete of six vulnerabilities impacting its AI merchandise. Two high-severity flaws that may be exploited for code execution, privilege escalation, info disclosure, or knowledge tampering have been addressed within the NeMo AI framework.
One high-severity challenge that may have the same impression has been addressed within the Megatron LM LLM coaching framework.
One high-severity vulnerability that may result in privilege escalation, knowledge tampering, and knowledge disclosure has been fastened within the AIStore AI utility storage system. A medium-severity info disclosure challenge was patched in the identical product.
As well as, a medium-severity DoS flaw was fastened within the Triton Inference Server for Linux and Home windows.
Associated: Chipmaker Patch Tuesday: Intel, AMD, Arm Reply to New CPU Assaults
Associated: Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia
