Intel Says Its CPUs Have Fewer New Bugs Than AMD, Nearly Half Its GPU Bugs Come From AMD

By Andrew E. Freedman
last updated

Who has the vulnerabilities is partially a matter of perspective.

Intel Vulnerabilities
(Image credit: Intel)

Intel has stated that its CPUs faced 16 reported vulnerabilities in 2021, meaning it has fewer newly-discovered flaws than AMD's processors, which faced 31 flaws. However, Intel admittedly led in the number of flaws on graphics, and the total number of flaws. Interestingly, nearly half of Intel's new GPU vulnerabilities stem from an AMD graphics component Intel used in its own chips.

The numbers come from Intel's new 2021 product security report, which provides statistics not only about the number of vulnerabilities, but also how Common Vulnerabilities and Exposure (CVE) reports are categorized and provides information about Intel's bug bounty program.

Intel claims that its CPUs faced 16 security flaws in 2021, with six caught by researchers in its bug bounty program and the other ten found within the company. (The chart originally showed only ten CPU vulnerabilities, which didn't match the text in the document, but Intel corrected it after we notified the company of the discrepancy.) On graphics, Intel found 15 bugs internally, while 36 were found via the bounty initiative.

It's tough to match these exactly, because in most cases, Intel's GPUs come embedded in its CPUs. With the exception of Intel Xe DG1, Intel is largely still in integrated graphics, which are embedded in the processor.

Intel

(Image credit: Intel)

But before AMD can be crowned the victor in GPU security, Intel notes that the CVE INTEL-SA-00481 for Intel Core Processors with Radeon RX Vega M graphics features 23 vulnerabilities for AMD's components. Those appear to be for Intel's Kaby Lake-G processors, which paired 8th Gen Intel Core processors with AMD's Radeon graphics and showed up in laptops like the Dell XPS 15 2-in-1 as well as the "Hades Canyon" NUC. So while those fall on Intel's side because they were on Intel's chip, the vulnerabilities were on AMD's part of the tech.

For information on AMD's data, Intel went exclusive to external research, ranging from May to December of 2021. It claims that it found no CVEs attributed to AMD's internal research in 2021.

AMD did not respond to a request for comment in time for publication. However, we'll update this story if we hear anything.

Slide showing CVE count by category.

(Image credit: Intel)

Notably, graphics processing units had the highest number of CVEs for Intel in 2021. Ethernet and software vulnerabilities tied for second plate at 34 vulnerabilities apiece.

Intel says that its own security research found 50% of vulnerabilities, while the bug bounty program caught another 43%. The other 7% comes from open source projects or organizations that can't partake in the bounty project.

Yesterday, Intel announced its latest security initiative, Project Circuit Breaker, which extends on the bounty program by inviting researchers to hacking events and providing access to new and yet-to-be-released firmware, chipsets, GPUs, and more.

The full report includes much more information, including which researchers received the highest bounty payouts (most are anonymous or pseudonymous), and provides more breakdowns on which vulnerabilities were found within Intel as opposed to externally.

Vulns

(Image credit: Intel)

Notably, Intel provided a breakdown outlining the severity of the newly-discovered vulnerabilities that impact its products but didn't share the same type of breakdown for AMD's products. Additionally, the list of vulnerabilities only includes those discovered for both companies in 2021, and doesn't include the full accounting over the last several years. 

Andrew E. Freedman
Andrew E. Freedman

Andrew E. Freedman is a senior editor at Tom's Hardware focusing on laptops, desktops and gaming. He also keeps up with the latest news. A lover of all things gaming and tech, his previous work has shown up in Tom's Guide, Laptop Mag, Kotaku, PCMag and Complex, among others. Follow him on Twitter: @FreedmanAE

Topics
Security
38 Comments Comment from the forums
  • hotaru251
    Not sure they wanna go this route..

    AMD has more? sure
    Intel has fewer? fine.

    Now...who has more impactful bugs and which CPU maker fixes cripple performance?


    also its not a shock about gpu related ones given amd's weakness is their gpu department.
    Reply
  • waltc3
    Probably more Gelsinger fantasies...;)
    Reply
  • spongiemaster
    hotaru251 said:
    Not sure they wanna go this route..
    Indeed. Even if the numbers are totally accurate, it probably wasn't a great move to release this data. I don't see who Intel sees as the target audience for this information.
    Reply
  • USAFRet
    spongiemaster said:
    Indeed. Even if the numbers are totally accurate, it probably wasn't a great move to release this data. I don't see who Intel sees as the target audience for this information.
    It was going to come out anyway.

    Fanboys on either side will spin it to their clicky advantage.

    "AMD has moar!"
    "Intels are worse!"

    Whatever...
    Reply
  • Alvar "Miles" Udell
    There's no doubt Intel CPUs likely have fewer vulnerabilities than AMD, not in the least because for the better part of this millennium Intel products had a massive market share advantage over AMD and were therefore subject to much more scrutiny by all interested parties.

    AMD probably has a number of severe bugs waiting to be discovered, and Intel probably has a few more as well, but in the grand scheme of things the number of CPU vulnerabilities is likely low on the priority list of anyone when it comes to building a machine, be it a home user desktop or multi-million dollar supercomputer, the same way it's low to non existent on people's priority list as to which web browser has fewer bugs or GPU vendor has more bugs in their driver packages.
    Reply
  • escksu
    I dont think this is an issue at all. Because Windows + software + network security issues is like 10000x higher. Then vast majority of these exploits require you to sit infront of the computer with admin rights...

    The biggest issues have been and always will be windows + software + network..

    Lastly, the biggest threat is human... How many security breaches, virus infection etc are simply due to human action?
    Reply
  • btmedic04
    Intel is really going back to their old school playbook. pointing out their superiority in bugs over their competitors is one of intels oldest marketing strategies
    Reply
  • Bazzy 505
    That a bit of a troll press release on Intel's part. I'm pretty sure all AMD fanboys will bring out their pitchforks on reddit about this statement.
    Rest assured, that's pretty much what good ol' Pat is counting on, and i'm quite certain he won't be dissapointed. A buzz is a buzz. Maybe Intel is trying too hard to convince us they're the cool kid around the block again. Amusingly enough i don't think that's really necessary at this point, gen12 core CPUs are right on the money. As for the GPU space, only time will tell if their discreet gpu's end up in the traditional prebuilt school pc segment or they'll actually produce a formindable gaming gpu for the first time after decades of misfires and aborts
    Reply
  • Co BIY
    I hope that Intel starting up the aggressive marketing machine is a sign that they know the supply chain issues are about to be fixed and consumers will be eager to buy at the normal price levels.
    Reply
  • eldakka1
    Maybe they should produce a report that takes into account the severity of the bug. E.g. multiply the number of bugs of each sev level (1-10) by the sev level and add them all together.

    Oh, and make it a line graph going back, say, 4 years ? So we can see trends over time.
    Reply