Intel and AMD Patch 70 Vulnerabilities, Highlighting Critical Data Center Risks

According to reports from SecurityWeek, Intel and AMD released a wave of security advisories on May 12 and 13, 2026, collectively addressing approximately 70 vulnerabilities. Among these are two critical flaws with CVSS scores exceeding 9.0, affecting the AMD ROCm Device Metrics Exporter and the Intel Data Center Graphics driver for VMware ESXi. The combination of a network binding design flaw and a buffer overflow in virtualized infrastructure necessitates immediate attention within data center operations.

ROCm and Port 50061: How Default Settings Expose Data Centers

The ROCm Device Metrics Exporter is a vital component of AMD’s open-source ecosystem used for monitoring GPUs in HPC and AI clusters. Per SecurityWeek, CVE-2026-0481 has been assigned a CVSS score of approximately 9.2. The vulnerability stems from the application's default binding to address 0.0.0.0 on port 50061, making the gRPC service accessible across every active network interface without authentication. In modern data centers, this architecture effectively dissolves the boundary between management and production networks.

This configuration bypasses standard data center network segmentation. An attacker with internal network access can interact directly with the GPU management server, potentially altering configurations or triggering a denial of service. AMD, as cited by SecurityWeek, has acknowledged that this unrestricted binding allows for unauthorized modifications.

"Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability" — AMD (via SecurityWeek)

The issue appears to be a design flaw in the threat assumption model rather than a simple implementation bug: the software assumes a trusted environment—an assumption that rarely holds true in modern multi-tenant data centers. Exposing a GPU management channel on 0.0.0.0 is equivalent to placing a control terminal on the network's perimeter, rendering downstream firewalls ineffective.

Intel Drivers for VMware ESXi: The Risk of Buffer Overflows in Virtualized Hosts

SecurityWeek attributes a critical vulnerability with a CVSS score of approximately 9.3 to Intel, specifically within the Data Center Graphics driver for VMware ESXi. Described as a buffer overflow, the flaw’s potential impact includes privilege escalation and arbitrary code execution. Within an ESXi environment, a defect in the graphics driver connecting the guest and host represents a high-impact vector, as it targets the hypervisor layer essential for server consolidation.

ESXi remains a dominant hypervisor in enterprise infrastructure. However, the specific technical details of this buffer overflow and its exploitability conditions cannot be independently verified from currently available sources, as the primary Intel advisory was not included in the editorial dossier. It is currently unknown whether the flaw requires local VM access or can be triggered remotely, making it difficult to quantify the real-world risk without official bulletins.

The combination of a score above 9.0 and the nature of the target makes this disclosure particularly noteworthy. Virtualization drivers are often updated on slower cycles than operating systems, which can widen the window of exposure. Until Intel publishes the full advisory text, administrators are advised to proceed with extreme caution.

AMD’s May 12 Advisories: Official Confirmations and Pending Details

AMD’s Product Security page lists advisories published on May 12, 2026, confirming that the vendor released a significant volume of patches on that date. At least 15 bulletins were issued, covering various components across the software and hardware stack. While the date aligns with the SecurityWeek report, the exact correlation between these 15 advisories and the total number of individual flaws has not been publicly verified.

While SecurityWeek cites approximately 70 total vulnerabilities—split between 24 for Intel and nearly 45 for AMD—these figures are not yet corroborated by independent primary sources. AMD’s current security page does not explicitly list a total of 45 vulnerabilities, nor does it provide the specific technical breakdown for CVE-2026-0481. Similarly, the exact publication dates for the approximately 13 Intel advisories mentioned are not directly available in the provided sources.

The absence of detailed primary advisories for these critical flaws represents a concrete information gap. Administrators must act on available intelligence while awaiting the full release of bulletins to conduct precise risk assessments. Until Intel and AMD release comprehensive technical descriptions, any prioritization remains an estimate based solely on SecurityWeek’s findings.

Recommended Remediation and Risk Mitigation

• Isolate ROCm Device Metrics Exporter Network Binding: In GPU clusters, verify if the service is active and force it to listen exclusively on a management interface or a dedicated VLAN. Eliminate exposure to 0.0.0.0 until an official AMD patch is applied.
• Audit Intel ESXi Drivers: For virtualized environments, identify the versions of the Data Center Graphics driver installed on hosts. Plan updates through vendor or VMware channels as a high priority for multi-tenant environments.
• Monitor Official Portals: Closely watch the AMD Product Security page and the Intel Security Center for the release of full advisories. Technical details are necessary to determine if specific attack conditions apply to your environment.
• Strengthen Network Segmentation: Both flaws described by SecurityWeek amplify risk in "flat network" environments where reachability exists between workloads and controllers. Physically or logically separating GPU management networks from ESXi host networks significantly reduces the attack surface.

The May update cycle confirms that the data center attack surface now extends far beyond CPU cores to include the support services surrounding GPUs and hypervisors. The ROCm exporter case demonstrates how a single default setting can neutralize layers of perimeter defense. Until full technical details are released by the vendors, the security of these environments will depend on the speed with which operations teams can restrict exposure ahead of final patching.

Frequently Asked Questions

Is the ROCm Device Metrics Exporter installed by default on all AI/HPC servers?

Current sources do not clarify whether this package is included in all ROCm distributions or only specific monitoring configurations. Without a precise inventory of nodes, it is impossible to quantify the actual exposure across the entire infrastructure.

Why does Intel’s CVE-2026-20794 have a higher CVSS score than the ROCm exporter?

According to SecurityWeek, the 9.3 rating reflects the potential for privilege escalation and code execution within a hypervisor. However, without a vector string analysis, it is impossible to determine if the difference compared to AMD’s 9.2 rating is due to attack complexity or the severity of the impact on the host infrastructure.

Are the current patches from Intel and AMD sufficient to mitigate both criticalities?

The effectiveness and completeness of the fixes cannot be independently verified until the official technical bulletins are released for community review.

Information has been verified against cited sources and is current as of the time of publication.

Sources

• https://www.securityweek.com/chipmaker-patch-tuesday-intel-and-amd-patch-70-vulnerabilities/
• https://nvd.nist.gov/vuln/detail/CVE-2026-31431
• https://www.amd.com/en/resources/product-security.html