Intel has stated that its CPUs faced 16 reported vulnerabilities in 2021, meaning it has fewer newly-discovered flaws than AMD's processors, which faced 31 flaws. However, Intel admittedly led in the number of flaws on graphics, and the total number of flaws. Interestingly, nearly half of Intel's new GPU vulnerabilities stem from an AMD graphics component Intel used in its own chips.
The numbers come from Intel's new 2021 product security report, which provides statistics not only about the number of vulnerabilities but also about how Common Vulnerabilities and Exposures (CVE) reports are categorized, along with information about Intel's bug bounty program.
Intel claims that its CPUs faced 16 security flaws in 2021, with six caught by researchers in its bug bounty program and the other ten found within the company. (The chart originally showed only ten CPU vulnerabilities, which didn't match the text in the document, but Intel corrected it after we notified the company of the discrepancy.) On graphics, Intel found 15 bugs internally, while 36 were found via the bounty initiative.
It's tough to match these exactly, because in most cases, Intel's GPUs come embedded in its CPUs. With the exception of Intel Xe DG1, Intel is largely still in integrated graphics, which are embedded in the processor.
But before AMD can be crowned the victor in GPU security, Intel notes that the CVE INTEL-SA-00481 for Intel Core Processors with Radeon RX Vega M graphics features 23 vulnerabilities for AMD's components. Those appear to be for Intel's Kaby Lake-G processors, which paired 8th Gen Intel Core processors with AMD's Radeon graphics and showed up in laptops like the Dell XPS 15 2-in-1 as well as the "Hades Canyon" NUC. So while those fall on Intel's side because they were on Intel's chip, the vulnerabilities were on AMD's part of the tech.
For AMD's data, Intel relied exclusively on external research, ranging from May to December of 2021. It claims that it found no CVEs attributed to AMD's internal research in 2021.
AMD did not respond to a request for comment in time for publication. However, we'll update this story if we hear anything.
Notably, graphics processing units had the highest number of CVEs for Intel in 2021. Ethernet and software vulnerabilities tied for second place at 34 vulnerabilities apiece.
Intel says that its own security research found 50% of vulnerabilities, while the bug bounty program caught another 43%. The other 7% comes from open source projects or organizations that can't partake in the bounty project.
Yesterday, Intel announced its latest security initiative, Project Circuit Breaker, which expands on the bounty program by inviting researchers to hacking events and providing access to new and yet-to-be-released firmware, chipsets, GPUs, and more.
The full report includes much more information, including which researchers received the highest bounty payouts (most are anonymous or pseudonymous), and provides more breakdowns on which vulnerabilities were found within Intel as opposed to externally.
Notably, Intel provided a breakdown outlining the severity of the newly-discovered vulnerabilities that impact its products but didn't share the same type of breakdown for AMD's products. Additionally, the list of vulnerabilities only includes those discovered for both companies in 2021, and doesn't include the full accounting over the last several years.