News Intel reports wave of high-severity GPU vulnerabilities — ten unique security vulnerabilities stemming from poor software hit range of graphics sol...

[Admin]

Intel has reported ten new GPU-related security vulnerabilities affecting drivers and graphics control software across a range of its GPU offerings this week. The announcement immediately follows announcements of a Spectre workaround from ETH Zurich.

Intel reports wave of high-severity GPU vulnerabilities — ten unique security vulnerabilities stemming from poor software hit range of graphics sol... : Read more

 

[ThisIsMe]

You guys already post at least one over-hyped, negative article about Intel every day. Is it really necessary to add a recap of every one of them to every one of them? Is it a requirement for you all to append this summary? Is there a word count requirement? Do you guys get paid per word?

Maybe I’m in the minority, but please just post the facts. Here’s the tl;dr

Intel posted some security vulnerability notices. They’ve been patched for at least 7 months now. Be sure to update drivers if you haven’t yet.

 

[TerryLaze]

You guys already post at least one over-hyped, negative article about Intel every day. Is it really necessary to add a recap of every one of them to every one of them? Is it a requirement for you all to append this summary? Is there a word count requirement? Do you guys get paid per word?

Maybe I’m in the minority, but please just post the facts. Here’s the tl;dr

Intel posted some security vulnerability notices. They’ve been patched for at least 7 months now. Be sure to update drivers if you haven’t yet.

click through rate
Google what it means.

 

[Amdlova]

You guys already post at least one over-hyped, negative article about Intel every day. Is it really necessary to add a recap of every one of them to every one of them? Is it a requirement for you all to append this summary? Is there a word count requirement? Do you guys get paid per word?

Maybe I’m in the minority, but please just post the facts. Here’s the tl;dr

Intel posted some security vulnerability notices. They’ve been patched for at least 7 months now. Be sure to update drivers if you haven’t yet.

We like to read how intel fail everytime

 

[rluker5]

Not everyone is affected. Current gen products like Arrow Lake and Battlemage dGPUs came out after these vulnerabilities were patched. So they are not new vulnerabilities in the sense that the current generation is, but they are new compared to hills and rivers and things.

It wouldn't sound as urgent if they put it in that perspective. I vaguely remember thinking a long time back that it was nice that my Broadwell was just old enough to be immune and recently I learned that it is just new enough to still be supported by Windows 10. At least while W10 is.

Edit: Maybe Tom's could include the current list of ignored, unpatched vulnerabilities that AMD has in AMD articles instead of showing an intel chip in an article about a new vulnerability class specific to AMD that they tried to pass off as affecting all chips. : https://www.tomshardware.com/pc-com...avoidable-ransomware#xenforo-comments-3879481

 

[nogaard777]

Intel has reported ten new GPU-related security vulnerabilities affecting drivers and graphics control software across a range of its GPU offerings this week. The announcement immediately follows announcements of a Spectre workaround from ETH Zurich.

Intel reports wave of high-severity GPU vulnerabilities — ten unique security vulnerabilities stemming from poor software hit range of graphics sol... : Read more

If Tom's didn't have a constant flow of click bait articles claiming Intel's demise they'd have no content at all. I sure don't remember this level of doom and gloom when AMD recently had a vulnerability that effects every CPU they've made for over half a decade. But that's AMD, and Tom's doesn't do negative AMD click bait

 

[Amdlova]

Some new's about AMD

https://www.tomshardware.com/pc-com...dge-turin-ryzen-ai-300-and-fire-range-at-risk

https://www.tomshardware.com/news/amd-inception-vulnerability-affects-zen-3-and-4

https://www.tomshardware.com/pc-com...00-and-3000-will-not-get-patched-among-others

https://www.tomshardware.com/pc-com...nerability-affecting-zen-1-to-zen-4-epyc-cpus

https://www.tomshardware.com/pc-com...si-releases-agesa-120ca-bios-update-for-zen-2

https://www.tomshardware.com/news/amd-cachewarp-vulnerability-afflicts-epyc-server-cpus

https://www.tomshardware.com/news/steam-deck-gets-belated-linux-zenbleed-vulnerability-patch

https://www.tomshardware.com/tech-i...e-and-qualcomm-chips-by-exploiting-gpu-memory

 

[dalek1234]

We like to read how intel fail everytime

It's so entertaining, isn't it?

 

[bit_user]

all require local access to take advantage of, greatly downgrading their importance to the average user. As the saying goes, if a hostile attacker has local access to your system, you have bigger things to worry about than side-channel attacks.

No, I think you misunderstand.

First, when they say it requires a local, authenticated user, they do not mean that it requires physical access. The way an exploit like this can work is either if an authenticated user runs a piece of infected software (i.e. either malware or virus-infected) or if they visit a web site that contains an exploit which harnesses a vulnerability in their web browser. Both are ways an authenticated user can unwittingly execute one of these exploits.

Some of these are "denial of service", but 3 are "privilege escalation". So, by chaining together one of these + other exploits that hackers can gain root access on your box. Gaining admin access to a machine rarely involves just a single exploit. Ransomware is an example of an attack that generally requires admin privileges. So, that's why privilege escalation exploits aren't something you should casually disregard.

@JarredWaltonGPU please mention this to Dallin.

 

[bit_user]

Edit: Maybe Tom's could include the current list of ignored, unpatched vulnerabilities that AMD has

This is whataboutism. It's how a lot of flame wars start. Someone tries to distract from some bad news by trying to highlight something negative about the other brand, and that draws a bunch of defenses. Then, it just grows from there.

My advice would be: don't be so sensitive. Making a big fuss over something just draws attention to it.

IMO, if you don't have something to say about the article or what it article covered, just let it go and move on. However, that's just my opinion.

 

[rluker5]

This is whataboutism. It's how a lot of flame wars start. Someone tries to distract from some bad news by trying to highlight something negative about the other brand, and that draws a bunch of defenses. Then, it just grows from there.

My advice would be: don't be so sensitive. Making a big fuss over something just draws attention to it.

IMO, if you don't have something to say about the article or what it article covered, just let it go and move on. However, that's just my opinion.

Perhaps you didn't notice the context of my comment. It is in reference to the article which presents a recent laundry list of bad news for Intel in a belated article on vulnerabilities fixed last generation for CPUs and GPUs. Coming off as a blatantly anti Intel hitpiece with no new news.

I took issue with the laundry list as most of the commenters including the one I liked prior to making my comment.

I was just coming up with what a similar example would look like if the companies were switched to show how out of place it would look.

Amdlova showed that it isn't Tom's in general that is so biased, it must just be a few writers. But I would be happy if a big fuss were made over it. Such articles should get a different screen color and be labeled as partial.
I don't want Tom's to get the same reputation as Userbenchmark, but for a different chip company.

Credibility is helped by the appearance of impartiality.