Intel Says Its CPUs Have Fewer New Bugs Than AMD, Nearly Half Its GPU Bugs Come From AMD
Who has the vulnerabilities is partially a matter of perspective.
Intel has stated that its CPUs faced 16 reported vulnerabilities in 2021, meaning it has fewer newly-discovered flaws than AMD's processors, which faced 31 flaws. However, Intel admittedly led in the number of flaws on graphics, and the total number of flaws. Interestingly, nearly half of Intel's new GPU vulnerabilities stem from an AMD graphics component Intel used in its own chips.
The numbers come from Intel's new 2021 product security report, which provides statistics on the number of vulnerabilities and on how Common Vulnerabilities and Exposures (CVE) reports are categorized, along with information about Intel's bug bounty program.
Intel claims that its CPUs faced 16 security flaws in 2021, with six caught by researchers in its bug bounty program and the other ten found within the company. (The chart originally showed only ten CPU vulnerabilities, which didn't match the text in the document, but Intel corrected it after we notified the company of the discrepancy.) On graphics, Intel found 15 bugs internally, while 36 were found via the bounty initiative.
It's tough to match these exactly, because in most cases, Intel's GPUs come embedded in its CPUs. With the exception of Intel Xe DG1, Intel is largely still in integrated graphics, which are embedded in the processor.
But before AMD can be crowned the victor in GPU security, Intel notes that the CVE INTEL-SA-00481 for Intel Core Processors with Radeon RX Vega M graphics features 23 vulnerabilities for AMD's components. Those appear to be for Intel's Kaby Lake-G processors, which paired 8th Gen Intel Core processors with AMD's Radeon graphics and showed up in laptops like the Dell XPS 15 2-in-1 as well as the "Hades Canyon" NUC. So while those fall on Intel's side because they were on Intel's chip, the vulnerabilities were on AMD's part of the tech.
For AMD's data, Intel relied exclusively on external research, ranging from May to December of 2021. It claims that it found no CVEs attributed to AMD's internal research in 2021.
AMD did not respond to a request for comment in time for publication. However, we'll update this story if we hear anything.
Notably, graphics processing units had the highest number of CVEs for Intel in 2021. Ethernet and software vulnerabilities tied for second place at 34 vulnerabilities apiece.
Intel says that its own security research found 50% of vulnerabilities, while the bug bounty program caught another 43%. The other 7% comes from open source projects or organizations that can't partake in the bounty project.
Yesterday, Intel announced its latest security initiative, Project Circuit Breaker, which expands on the bounty program by inviting researchers to hacking events and providing access to new and yet-to-be-released firmware, chipsets, GPUs, and more.
The full report includes much more information, including which researchers received the highest bounty payouts (most are anonymous or pseudonymous), and provides more breakdowns on which vulnerabilities were found within Intel as opposed to externally.
Notably, Intel provided a breakdown outlining the severity of the newly-discovered vulnerabilities that impact its products but didn't share the same type of breakdown for AMD's products. Additionally, the list of vulnerabilities only includes those discovered for both companies in 2021, and doesn't include the full accounting over the last several years.
Andrew E. Freedman is a senior editor at Tom's Hardware focusing on laptops, desktops and gaming. He also keeps up with the latest news. A lover of all things gaming and tech, his previous work has shown up in Tom's Guide, Laptop Mag, Kotaku, PCMag and Complex, among others. Follow him on Threads @FreedmanAE and Mastodon @FreedmanAE.mastodon.social.

hotaru251
Not sure they wanna go this route..
AMD has more? Sure.
Intel has fewer? Fine.
Now... who has more impactful bugs, and which CPU maker's fixes cripple performance?
Also, it's not a shock about GPU-related ones given AMD's weakness is their GPU department.

spongiemaster
hotaru251 said: Not sure they wanna go this route..
Indeed. Even if the numbers are totally accurate, it probably wasn't a great move to release this data. I don't see who Intel sees as the target audience for this information.

USAFRet
spongiemaster said: Indeed. Even if the numbers are totally accurate, it probably wasn't a great move to release this data. I don't see who Intel sees as the target audience for this information.
It was going to come out anyway.
Fanboys on either side will spin it to their clicky advantage.
"AMD has moar!"
"Intels are worse!"
Whatever...

Alvar "Miles" Udell
There's no doubt Intel CPUs likely have fewer vulnerabilities than AMD, not in the least because for the better part of this millennium Intel products had a massive market share advantage over AMD and were therefore subject to much more scrutiny by all interested parties.
AMD probably has a number of severe bugs waiting to be discovered, and Intel probably has a few more as well, but in the grand scheme of things the number of CPU vulnerabilities is likely low on the priority list of anyone when it comes to building a machine, be it a home user desktop or multi-million dollar supercomputer, the same way it's low to nonexistent on people's priority list as to which web browser has fewer bugs or GPU vendor has more bugs in their driver packages.

escksu
I don't think this is an issue at all. Because Windows + software + network security issues are like 10000x higher. Then the vast majority of these exploits require you to sit in front of the computer with admin rights...
The biggest issues have been and always will be Windows + software + network..
Lastly, the biggest threat is human... How many security breaches, virus infections, etc. are simply due to human action?

btmedic04
Intel is really going back to their old school playbook. Pointing out their superiority in bugs over their competitors is one of Intel's oldest marketing strategies.

Bazzy 505
That's a bit of a troll press release on Intel's part. I'm pretty sure all AMD fanboys will bring out their pitchforks on Reddit about this statement.
Rest assured, that's pretty much what good ol' Pat is counting on, and I'm quite certain he won't be disappointed. A buzz is a buzz. Maybe Intel is trying too hard to convince us they're the cool kid around the block again. Amusingly enough I don't think that's really necessary at this point, gen12 core CPUs are right on the money. As for the GPU space, only time will tell if their discrete GPUs end up in the traditional prebuilt school PC segment or they'll actually produce a formidable gaming GPU for the first time after decades of misfires and aborts.

Co BIY
I hope that Intel starting up the aggressive marketing machine is a sign that they know the supply chain issues are about to be fixed and consumers will be eager to buy at the normal price levels.

eldakka1
Maybe they should produce a report that takes into account the severity of the bug. E.g. multiply the number of bugs of each sev level (1-10) by the sev level and add them all together.
Oh, and make it a line graph going back, say, 4 years? So we can see trends over time.