Chipmakers Intel and AMD each launched security advisories this Patch Tuesday, informing prospects a couple of whole of greater than 130 vulnerabilities discovered of their merchandise.
Intel
Intel has revealed 31 advisories protecting roughly 105 vulnerabilities. One of the attention-grabbing flaws patched by Intel this week is a CPU flaw found internally by the corporate and independently by Google researchers.
Dubbed Reptar and tracked as CVE-2023-23583, the security gap can permit an attacker with entry to a visitor machine in a multi-tenant virtualized setting to trigger the host machine and different visitor machines on the identical host to crash. The vulnerability may doubtlessly additionally result in info disclosure or privilege escalation.
Intel additionally knowledgeable prospects on Tuesday a couple of essential vulnerability — with a CVSS rating of 10 — affecting Data Heart Supervisor (DCM) software program. The flaw, tracked as CVE-2023-31273, can permit an unauthenticated attacker to escalate privileges through community entry.
Along with the one describing Reptar, 9 of the corporate’s newest advisories deal with high-severity vulnerabilities, together with in oneAPI, Server Board and Server System BIOS firmware, QuickAssist Expertise (QAT), NUC software program, One Boot Flash Replace (OFU) software program, Connectivity Efficiency Suite software program, In-Band Manageability software program, and Unison software program.
The remaining advisories describe medium- and low-severity vulnerabilities.
AMD
AMD on Tuesday revealed 5 new security advisories to tell prospects a couple of whole of 27 vulnerabilities.
One of many advisories covers CVE-2023-20592, aka CacheWarp, a brand new AMD CPU vulnerability that may pose a threat to digital machines (VMs), doubtlessly permitting attackers to hijack management circulate, break into an encrypted VM, and escalate privileges. The weak point impacts AMD Safe Encrypted Virtualization (SEV).
The corporate has additionally knowledgeable prospects about security holes present in Safe Processor (ASP), System Administration Unit (SMU) and different elements, together with 4 high-severity points that might result in arbitrary code execution or privilege escalation.
A special advisory covers a high-severity flaw in SMM Supervisor, which attackers might be able to exploit for arbitrary code execution.
Ten server vulnerabilities affecting elements similar to ASP, SMU and SEV had been additionally addressed, together with a high-severity concern that may result in code execution.
In graphics drivers, AMD mounted 4 medium-severity flaws that might permit an attacker to execute arbitrary code or trigger a DoS situation.
