Intel has compiled a product security report for 2021 detailing its efforts to fight vulnerabilities across various product architectures and families. As per the report, a total of 226 vulnerabilities were reported on Intel’s products, with the bulk of them (147) being medium severity, 52 high severity, 2 critical, and the remaining 25 low severity vulnerabilities.
Internal security research for 2021 accounts for 50% of the issues addressed and an additional 43% were reported through Intel’s Bug Bounty Program. In 2021, we addressed 226 vulnerabilities compared to 231 in 2020 and 236 in 2019.
Furthermore, the chipmaker claims that its investment accounts for 93% of vulnerabilities addressed in 2021. Out of these 113 were internally found, 97 were reported via bug bounties, and the remaining came from miscellaneous sources.
Now, let’s have a look at the interesting part. As per Intel’s claims, AMD had 31 reported vulnerabilities on the CPU side and 27 on the GPU side, adding up to a total of 58. Team Blue, on the other hand, had a pile totaling up to 67, 16 from the CPU side and 51 from the GPU side. This is rather unexpected as Intel hasn’t made a single discrete GPU in the last two decades, and yet the majority of the vulnerabilities are from that segment.
These CVEs are likely from the Intel Graphics driver which has gotten attention only recently but is worrisome nonetheless. The chipmaker’s CPUs having significantly fewer reported vulnerabilities comes as a surprise as nearly every other vulnerability discovered since Meltdown/Spectre affected Intel processors in one way or another. Regardless, all these security issues have been sourced from AMD and Intel’s security center/product security sections which means only the ones officially reported by the two are being counted in the report.
In 2021, Intel reported 16 CPU and 51 graphics vulnerabilities (67 combined) while AMD reported 31 CPU and 27 graphics vulnerabilities (58 combined). As previously noted in this report, our Security First Pledge guides us to transparently report vulnerabilities whether found internally or externally. We have not identified any AMD-published CVEs in 2021 attributed to AMD internal research. Therefore, the information in this comparison is based solely on AMD CVEs attributed to external research.
Overall, this report may not be the most accurate representation of Intel’s product security, but it’s fairly transparent and more honest than what you’d expect from its marketing teams.
Processors, PC gaming, and the past. I have written about computer hardware for over seven years with over 5000 published articles. I started during engineering college and haven't stopped since. On the side, I play RPGs like Baldur's Gate, Dragon Age, Mass Effect, Divinity, and Fallout. Contact: areejs12@hardwaretimes.com.
