Intel and AMD Patch Multiple Security Flaws on Chipmaker Patch Day
Intel and AMD Issue Patches for 69 Vulnerabilities
On May 2026 Patch Tuesday, both Intel and AMD released advisories addressing a combined total of 69 vulnerabilities across their respective product portfolios.
Vulnerability Breakdown:
- Intel:
- Affecting 23 security defects, including one critical and eight high-severity flaws.
- Critical vulnerability (CVE-2026-20794) affects the Data Center Graphics Driver for VMware ESXi software.
- Successful exploitation poses significant risks, including privilege escalation and code execution.
- Other impacted areas include Vision software, Endpoint Management Assistant (EMA), UEFI firmware for the Slim Bootloader, and QuickAssist Technology (QAT) software drivers for Windows.
- AMD:
- Affects several areas, including Device Metrics Exporter (ROCm ecosystem).
- Critical vulnerability allows unauthenticated users to access the GPU-Agent gRPC server due to unrestricted IP address binding.
- Successful exploitation results in loss of availability and unauthorized changes to the GPU configuration.
- Notable vulnerabilities also exist within Secure Processor (ASP), general-purpose input/output controller (GPIO), Revenera InstallShield, Ionic cloud driver for ESXi, RAID driver, chipset drivers, CPU operation cache on Zen 2-based products, graphics and datacenter accelerator products, EPYC and EPYC Embedded processor platforms, and certain optional software tools.
“According to Intel, the critical vulnerability (CVE-2026-20794) in the Data Center Graphics Driver for VMware ESXi software could be exploited for privilege escalation and potentially for code execution, posing significant risks if left unaddressed.”
“If successfully exploited, the critical vulnerability in AMD’s Device Metrics Exporter (ROCm ecosystem) could result in loss of availability and unauthorized changes to the GPU configuration,” AMD warned.
About Author
English