Intel Finds Security Flaw in Their Arc Alchemist GPUs
Intel has reported a new vulnerability (INTEL-SA-00812) which affects their Arc A770 and Arc A750 GPUs, which are two of their best graphics cards in the current line-up. The potential security flaw, classified with a medium severity rating, may permit denial of service or information disclosure.
Intel discovered that the vulnerability only affects the above GPUs sold between October and December 2022, indicating that the flaw isn’t widespread and only affects batches sold in that period.
The vulnerability can be broken down into two issues, CVE-2022-41984 describes a protection mechanism failure in some Intel Arc A770 and Arc A750 GPUs where a privileged user can enable a denial of service (an attack designed to shut down a machine or network, making it unusable to its intended users.)
The second issue (CVE-2022-38973) discusses improper access control in a scenario where an authenticated user can allow denial of service or unintended information disclosure. In both of the above issues, the user can exploit the vulnerability through local access.
Intel is yet to confirm whether it has or will release a firmware update or software fix to mitigate these vulnerabilities. Intel has, however, acknowledged that they follow the Coordinated Disclosure model, meaning the vulnerability is generally only publicly disclosed once mitigations are available.
The chipmaker recommends contacting Intel product support in your respective region for help if you purchased an Arc A770 or A750 between October and December 2022.