Intel has disclosed a new vulnerability (INTEL-SA-00812) that affects the company's Arc A770 and Arc A750, two of the best graphics cards. Classified with a medium severity rating, the potential security flaw may permit denial of service or information disclosure.
It certainly hasn't been a good week for Intel. After a year-long embargo, the chipmaker had finally lifted the curtains Downfall, a vulnerability with costly performance penalties that impacts multiple generations of Intel processors. And now, Intel's internal team has discovered vulnerabilities with Arc A770 and Arc A750 graphics cards sold between October and December 2022. The advisory seemingly indicates that the flaw isn't widespread but only affects batches sold during the mentioned timeframe.
The security vulnerability encompasses two issues. CVE-2022-41984 describes a protection mechanism failure in some Arc A770 and Arc A750 graphics cards where a privileged user can enable a denial of service. On the other hand, CVE-2022-38973 talks about improper access control in a scenario where an authenticated user can allow denial of service or information disclosure. In both occasions, the user can exploit the vulnerability through local access.
Intel doesn't confirm whether it has or will release a firmware update or software fix to mitigate the recently-unearthed vulnerabilities. The chipmaker recommends that consumers who bought an Arc A770 or Arc A750 between October to December 2022 contact Intel product support in their region for help.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Zhiye Liu is a news editor and memory reviewer at Tom’s Hardware. Although he loves everything that’s hardware, he has a soft spot for CPUs, GPUs, and RAM.
-
Sleepy_Hollowed I'm starting to think that I'll have my gaming machines do nothing but gaming, this is getting a bit ridiculous.Reply
Nvidia has had a string of security issues on their drivers throughout the years as well. -
edzieba Arc A770 and Arc A750 graphics cards sold between October and December 2022
That's.... really odd. Unless they had 3 die revisions within as many months rolling out of the fabs, then the vulnerability would either be a microcode issue (and thus should be patchable as a BIOS revision), or some bizarre timing bug that only triggers with some combination of edge-case board components. -
thisisaname
I found that odd too as it would be the date it was manufactured rather than the date it was sold.edzieba said:That's.... really odd. Unless they had 3 die revisions within as many months rolling out of the fabs, then the vulnerability would either be a microcode issue (and thus should be patchable as a BIOS revision), or some bizarre timing bug that only triggers with some combination of edge-case board components.
Edit: Did they recall all unsold stock when they released the new revision? -
purpleduggy these exploits are dangerous and all, but less than 1% of people are capable of using them against you, and those people won't be stopped if they want some data you have, even if you patch it. they'll find another way. all this is going to do is lower performance on systems. The first thing I do on any system is remove the spectre and meltdown patches because the patch causes a significant performance hit. people are naive when it comes to exploits. no one is gonna rely on an exploit to get your data if they want it, they'll use far easier means like social engineering. nice naive idea but doesn't work.Reply