Vulnerabilities exist in some of Intel Arc A750 and A770 GPU may result in denial of service or information disclosure

Intel appears to have been recently plagued by vulnerabilities, having just been exposed to a security flaw named “Downfall,” which affects multiple Core processors. Yet before the issue of “Downfall” could be fully resolved, a new problem has arisen. Recently, Intel disclosed new vulnerabilities in two of its Arc series graphics cards, the A770 and A750, on its official website, affecting some of the A770/A750 graphics cards sold between October and December of 2022.

According to the current information in Intel’s security bulletin INTEL-SA-00812, there are two concerns related to this vulnerability, and users may face the risks of a denial of service or information leakage. The severity of the issues is classified as moderate, and the detailed descriptions of the existing problems are as follows:

• CVE-2022-41984: The hardware protection mechanism of certain A770/A750 graphics cards is rendered ineffective, allowing privileged users to enable a denial of service within it. The CVSS base score is 4.4 (medium).
• CVE-2022-38973: Some A770/A750 graphics cards may permit a denial of service by locally authenticated users, or improper access control in the event of information leakage. The CVSS base score is 3.3 (low).

Fortunately, this vulnerability does not affect all Intel A750 and A770 units, but only those parts of the A770/A750 graphics cards sold between October and December of the previous year. At present, Intel has not yet provided a solution to this vulnerability but advises consumers who purchased these two graphics card models during the specified period to seek assistance by contacting the Intel product support department in their respective regions.