Intel confirms two local security issues affecting many generations of Intel processors

Intel released two security advisories this week for many of the company’s processor generations. The vulnerabilities have received a high severity rating, the second highest after critical.

The good news is that both problems require local access to be exploited. Bad news, BIOS updates are required to fix the problems.

Vulnerabilities CVE-2021-0157 and CVE-2021-0158 can allow privilege escalation if exploited successfully. The base vulnerability score is 8.2, high.

Intel describes the problem as follows:

Insufficient control flow management in the BIOS firmware for some Intel (R) processors can allow a privileged user to potentially enable privilege escalation through local access.

The following processor families are affected by the problem according to Intel:

Intel® Xeon E processor family
Intel® Xeon Processor E3 v6 Family
Intel® Xeon W Processor Family
3rd Generation Intel Xeon Scalable Processors
11th Generation Intel Core ™ processors
10th Generation Intel Core ™ Processors
7th Generation Intel Core ™ Processors
Intel Core ™ X series processors
Intel Celeron N series processor
Intel Pentium Silver Processor Series

It seems strange that generations of Intel processors 7, 10 and 11 are affected, but generations 8 and 9 are not.

The second vulnerability, CVE-2021-0146, can also allow privilege escalation. It also requires physical access for the attack. The base vulnerability score is 7.1, which is also high.

Intel provides the following description:

The hardware enables the activation of test or debug logic at runtime for some Intel (R) processors, which can allow an unauthenticated user to potentially enable privilege escalation through physical access.

The following Intel products are affected according to the company:

Desktop, Mobile

Intel Pentium Processor J Series, N Series

Intel Celeron Processor J Series, N Series

Intel Atom Series A processor

Intel Atom E3900 Series Processor

Incorporated

Intel Pentium N series processor

Intel Celeron N series processor

Intel Atom E3900 Series Processor

Desktop, Mobile

Procesador Intel Pentium Silver Series / J&N Series?

Desktop, Mobile

Procesador Intel Pentium Silver Series / J&N Series? – Actualizar

Incorporated

Procesador Intel® Atom® C3000

Resolution

Intel has released updates, but system builders must provide them to their customers. If you can go through the past, it is unlikely that older products will receive BIOS updates that address the issues.

Still, you may want to check the manufacturer’s website regularly to find out if an update has been released.

Intel does not disclose additional details about the vulnerabilities. It is not clear at this time if setting a BIOS password is sufficient to prevent attacks from being carried out.

Now you: Do vulnerabilities affect you? (via Deskmodder)

advertising