Intel and AMD have launched over two dozen advisories on Could 2026 Patch Tuesday, addressing 70 vulnerabilities throughout their product portfolios.
Intel revealed 13 advisories describing 24 security defects, together with one important and eight high-severity flaws.
The important bug, tracked as CVE-2026-20794 (CVSS rating of 9.3), is described as a buffer overflow difficulty within the Data Heart Graphics Driver for VMware ESXi software program that could possibly be exploited for privilege escalation and probably for code execution.
Intel’s replace for the product additionally resolves two high-severity out-of-bounds write and browse weaknesses that might result in denial-of-service (DoS) circumstances and probably to information corruption or disclosure.
The chip maker additionally addressed high-severity vulnerabilities in Imaginative and prescient software program, Endpoint Administration Assistant (EMA), UEFI firmware for the Slim Bootloader, and QuickAssist Know-how (QAT) software program drivers for Home windows.
Profitable exploitation of the failings might result in DoS circumstances and privilege escalation, and probably arbitrary code execution.
The remaining security defects addressed by Intel on Tuesday are medium-severity bugs affecting AI Playground, Show Virtualization for Home windows driver, 800 Collection Ethernet Linux driver, NPU drivers, UEFI firmware, Server Firmware Replace Utility, QAT drivers for Home windows, and a few Intel processors.
AMD revealed 15 advisories protecting 45 vulnerabilities, together with one critical-severity flaw and two dozen high-severity points.
Tracked as CVE-2026-0481 (CVSS rating of 9.2), the important bug impacts the AMD Machine Metrics Exporter (ROCm ecosystem), which exposes port 50061 on all community interfaces by default, permitting unauthenticated customers to entry the GPU-Agent gRPC(Google Distant Process name) server.
“Unrestricted IP tackle binding within the AMD Machine Metrics Exporter (ROCm ecosystem) might enable a distant attacker to carry out unauthorized modifications to the GPU configuration, probably leading to lack of availability,” AMD explains.
The corporate has addressed high-severity weaknesses inside Safe Processor (ASP), general-purpose enter/output controller (GPIO), Revenera InstallShield, Ionic cloud driver for ESXi, RAID driver, chipset drivers, CPU operation cache on Zen 2‑based mostly merchandise, graphics and datacenter accelerator merchandise, EPYC and EPYC Embedded processor platforms, and a few non-compulsory software program instruments.
Profitable exploitation of those points might result in privilege escalation, arbitrary code execution, and arbitrary learn/write entry to the sufferer VM/course of information.
