Intel has compiled a product security report for 2021 detailing its efforts to fight vulnerabilities across various product architectures and families. As per the report, a total of 226 vulnerabilities were reported on Intel’s products, with the bulk of them (147) being medium severity, 52 high severity, 2 critical, and the remaining 25 low severity vulnerabilities.
Internal security research for 2021 accounts for 50% of the issues addressed and an additional 43% were reported through Intel’s Bug Bounty Program. In 2021, we addressed 226 vulnerabilities compared to 231 in 2020 and 236 in 2019.Intel
Furthermore, the chipmaker claims that its investment accounts for 93% of vulnerabilities addressed in 2021. Out of these 113 were internally found, 97 were reported via bug bounties, and the remaining came from miscellaneous sources.
Now, let’s have a look at the interesting part. As per Intel’s claims, AMD had 31 reported vulnerabilities on the CPU side and 27 on the GPU side, adding up to a total of 58. Team Blue, on the other hand, had a pile totaling up to 67, 16 from the CPU side and 51 from the GPU side. This is rather unexpected as Intel hasn’t made a single discrete GPU in the last two decades, and yet the majority of the vulnerabilities are from that segment.
These CVEs are likely from the Intel Graphics driver which has gotten attention only recently but is worrisome nonetheless. The chipmaker’s CPUs having significantly fewer reported vulnerabilities comes as a surprise as nearly every other vulnerability discovered since Meltdown/Spectre affected Intel processors in one way or another. Regardless, all these security issues have been sourced from AMD and Intel’s security center/product security sections which means only the ones officially reported by the two are being counted in the report.
Overall, this report may not be the most accurate representation of Intel’s product security, but it’s fairly transparent and more honest than what you’d expect from its marketing teams.