Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities
Briefly

"The critical bug, tracked as CVE-2026-20794 (CVSS score of 9.3), is described as a buffer overflow issue in the Data Center Graphics Driver for VMware ESXi software that could be exploited for privilege escalation and potentially for code execution. Intel's update for the product also resolves two high-severity out-of-bounds write and read weaknesses that could lead to denial-of-service (DoS) conditions and potentially to data corruption or disclosure."
"The chip maker also addressed high-severity vulnerabilities in Vision software, Endpoint Management Assistant (EMA), UEFI firmware for the Slim Bootloader, and QuickAssist Technology (QAT) software drivers for Windows. Successful exploitation of the flaws could lead to DoS conditions and privilege escalation, and potentially arbitrary code execution."
"Tracked as CVE-2026-0481 (CVSS score of 9.2), the critical bug impacts the AMD Device Metrics Exporter (ROCm ecosystem), which exposes port 50061 on all network interfaces by default, allowing unauthenticated users to access the GPU-Agent gRPC (Google Remote Procedure Call) server. "Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configurati"
Intel released 13 advisories covering 24 security defects, including one critical buffer overflow in the Data Center Graphics Driver for VMware ESXi. The flaw could enable privilege escalation and potentially arbitrary code execution. Intel also fixed two high-severity out-of-bounds read and write weaknesses that could cause denial-of-service and potentially data corruption or disclosure. Additional high-severity issues were addressed across Vision software, Endpoint Management Assistant, Slim Bootloader UEFI firmware, and Windows QuickAssist Technology drivers.
AMD released 15 advisories covering 45 vulnerabilities, including one critical issue in the AMD Device Metrics Exporter within the ROCm ecosystem. The critical flaw involves unrestricted IP binding that can expose a gRPC server for unauthorized remote access and configuration changes.
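To see on a Linux host whether port 50061 (the port named in the quoted advisory text) is bound on all interfaces, the listener table can be classified by bind address. This is an added example, not code from AMD or SecurityWeek; it assumes iproute2's `ss -H -ltn` output format, and the sample lines are constructed.

```python
import ipaddress
import sys

GPU_AGENT_PORT = 50061  # port named in the advisory text quoted above

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 4096        0.0.0.0:50061      0.0.0.0:*
LISTEN 0 4096      127.0.0.1:50061      0.0.0.0:*
LISTEN 0 4096           [::]:50061         [::]:*
LISTEN 0 4096    10.20.30.40:50061      0.0.0.0:*
LISTEN 0 128               *:22               *:*
LISTEN 0 4096  127.0.0.53%lo:53         0.0.0.0:*
"""

def classify_bind(host):
    """Return 'all-interfaces', 'loopback' or 'specific' for a local address."""
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if host == "*":                           # ss prints '*' for a dual-stack wildcard
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:                   # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific"

def find_listeners(ss_output, port=GPU_AGENT_PORT):
    """Return (local_address, scope) for every TCP listener on the given port."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local Address:Port is the fourth column; the port follows the last ':'.
        host, _, port_text = fields[3].rpartition(":")
        if port_text == str(port):
            findings.append((fields[3], classify_bind(host)))
    return findings

def wildcard_listeners(ss_output, port=GPU_AGENT_PORT):
    """Listeners bound to every interface, the condition the advisory describes."""
    return [a for a, scope in find_listeners(ss_output, port) if scope == "all-interfaces"]

if __name__ == "__main__":
    # Pipe real data in (`ss -H -ltn | python3 this_file.py`) or run bare for the sample.
    data = SAMPLE_SS_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for local, scope in find_listeners(data):
        print(f"{local}\t{scope}")
```

A `specific` result is still reachable from whatever network that address sits on, so it deserves the same review as a wildcard bind.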
Read at SecurityWeek