Intel's Arc Alchemist GPUs Have Hidden Security Flaws

News
By Zhiye Liu
published

Affecting Arc A770 and A750 GPUs sold between October and December 2022.

Intel Arc
(Image credit: Shutterstock)

Intel has disclosed a new vulnerability (INTEL-SA-00812) that affects the company's Arc A770 and Arc A750, two of the best graphics cards. Classified with a medium severity rating, the potential security flaw may permit denial of service or information disclosure.

It certainly hasn't been a good week for Intel. After a year-long embargo, the chipmaker had finally lifted the curtains Downfall, a vulnerability with costly performance penalties that impacts multiple generations of Intel processors. And now, Intel's internal team has discovered vulnerabilities with Arc A770 and Arc A750 graphics cards sold between October and December 2022. The advisory seemingly indicates that the flaw isn't widespread but only affects batches sold during the mentioned timeframe.

The security vulnerability encompasses two issues. CVE-2022-41984 describes a protection mechanism failure in some Arc A770 and Arc A750 graphics cards where a privileged user can enable a denial of service. On the other hand, CVE-2022-38973 talks about improper access control in a scenario where an authenticated user can allow denial of service or information disclosure. In both occasions, the user can exploit the vulnerability through local access.

Intel doesn't confirm whether it has or will release a firmware update or software fix to mitigate the recently-unearthed vulnerabilities. The chipmaker recommends that consumers who bought an Arc A770 or Arc A750 between October to December 2022 contact Intel product support in their region for help.

Zhiye Liu
Zhiye Liu
RAM Reviewer and News Editor

Zhiye Liu is a Freelance News Writer at Tom’s Hardware US. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.

See more GPUs News
4 Comments Comment from the forums
  • Sleepy_Hollowed
    I'm starting to think that I'll have my gaming machines do nothing but gaming, this is getting a bit ridiculous.

    Nvidia has had a string of security issues on their drivers throughout the years as well.
    Reply
  • edzieba
    Arc A770 and Arc A750 graphics cards sold between October and December 2022
    That's.... really odd. Unless they had 3 die revisions within as many months rolling out of the fabs, then the vulnerability would either be a microcode issue (and thus should be patchable as a BIOS revision), or some bizarre timing bug that only triggers with some combination of edge-case board components.
    Reply
  • thisisaname
    edzieba said:
    That's.... really odd. Unless they had 3 die revisions within as many months rolling out of the fabs, then the vulnerability would either be a microcode issue (and thus should be patchable as a BIOS revision), or some bizarre timing bug that only triggers with some combination of edge-case board components.
    I found that odd too as it would be the date it was manufactured rather than the date it was sold.


    Edit: Did they recall all unsold stock when they released the new revision?
    Reply
  • purpleduggy
    these exploits are dangerous and all, but less than 1% of people are capable of using them against you, and those people won't be stopped if they want some data you have, even if you patch it. they'll find another way. all this is going to do is lower performance on systems. The first thing I do on any system is remove the spectre and meltdown patches because the patch causes a significant performance hit. people are naive when it comes to exploits. no one is gonna rely on an exploit to get your data if they want it, they'll use far easier means like social engineering. nice naive idea but doesn't work.
    Reply