Chipmakers Intel and AMD have published 10 new security advisories this Patch Tuesday to inform customers about vulnerabilities impacting their products.
Intel published eight new advisories, including two that describe high-severity vulnerabilities.
One of the high-severity issues is a local privilege escalation impacting BIOS firmware for some Intel processors.
The second is a local privilege escalation that impacts the on-chip debug and test interface in some 4th Generation Intel Xeon processors when using SGX or TDX technology.
The remaining nine issues have a 'medium' or 'low' severity rating.
Most of them impact processors and their exploitation could lead to information disclosure, denial of service, and local privilege escalation.
One of the information disclosure vulnerabilities, discovered internally by Intel and tracked as CVE-2023-28746, impacts only Atom processors.
Named Register File Data Sampling, the flaw has been described as a microarchitectural vulnerability that can allow a local attacker to obtain potentially sensitive data from memory.
The issue has been compared to previously disclosed Microarchitectural Data Sampling flaws.
One of Intel's advisories covers four medium- and low-severity issues that can lead to DoS attacks, information disclosure, and privilege escalation.
The chip giant has released microcode updates and other patches that should address these vulnerabilities.
Many of the flaws were found internally by Intel, which recently reported patching 353 security holes last year.
One is in response to a newly disclosed microarchitectural vulnerability named GhostRace, which impacts all major CPU makers, as well as Linux and other software.
Intel does not appear to have mentioned GhostRace in its latest advisories, despite financially supporting the project.
The second AMD advisory covers a WebGPU browser-based GPU cache side-channel attack method whose details will likely be made public soon by a team of academic researchers.
This Cyber News was published on www.securityweek.com. Publication date: Wed, 13 Mar 2024 17:13:07 +0000