Intel confirms two local security issues affecting many generations of Intel processors
Intel released two security advisories this week for many of the company’s processor generations. The vulnerabilities have received a high severity rating, the second highest after critical.
The good news is that both problems require local access to be exploited. Bad news, BIOS updates are required to fix the problems.
Vulnerabilities CVE-2021-0157 and CVE-2021-0158 can allow privilege escalation if exploited successfully. The base vulnerability score is 8.2, high.
Intel describes the problem as follows:
Insufficient control flow management in the BIOS firmware for some Intel (R) processors can allow a privileged user to potentially enable privilege escalation through local access.
The following processor families are affected by the problem according to Intel:
Intel® Xeon E processor family
Intel® Xeon Processor E3 v6 Family
Intel® Xeon W Processor Family
3rd Generation Intel Xeon Scalable Processors
11th Generation Intel Core ™ processors
10th Generation Intel Core ™ Processors
7th Generation Intel Core ™ Processors
Intel Core ™ X series processors
Intel Celeron N series processor
Intel Pentium Silver Processor Series
It seems strange that generations of Intel processors 7, 10 and 11 are affected, but generations 8 and 9 are not.
The second vulnerability, CVE-2021-0146, can also allow privilege escalation. It also requires physical access for the attack. The base vulnerability score is 7.1, which is also high.
Intel provides the following description:
The hardware enables the activation of test or debug logic at runtime for some Intel (R) processors, which can allow an unauthenticated user to potentially enable privilege escalation through physical access.
The following Intel products are affected according to the company:
Desktop, Mobile
Intel Pentium Processor J Series, N Series
Intel Celeron Processor J Series, N Series
Intel Atom Series A processor
Intel Atom E3900 Series Processor
Incorporated
Intel Pentium N series processor
Intel Celeron N series processor
Intel Atom E3900 Series Processor
Desktop, Mobile
Procesador Intel Pentium Silver Series / J&N Series?
Desktop, Mobile
Procesador Intel Pentium Silver Series / J&N Series? – Actualizar
Incorporated
Procesador Intel® Atom® C3000
Intel has released updates, but system builders must provide them to their customers. If you can go through the past, it is unlikely that older products will receive BIOS updates that address the issues.
Still, you may want to check the manufacturer’s website regularly to find out if an update has been released.
Intel does not disclose additional details about the vulnerabilities. It is not clear at this time if setting a BIOS password is sufficient to prevent attacks from being carried out.
Now you: Do vulnerabilities affect you? (via Deskmodder)
advertising
Mining on RTX 3070. Overclocking, tuning, profitability, consumption: If you are interested in finding more…
Mining with GTX 1660, 1660 Ti, 1660 Super. Overclocking, settings, consumption, profitability, comparisons - If…
Mining with RTX 2070 and 2070 Super. Overclocking, profitability, consumption, comparison What the RTX 2070…
Mining with RTX 3060, 3060 Ti. Limitations, overclocking, settings, consumption, profitability, comparison Let's look at…
Alphacool Eisblock Aurora Acryl GPX-A (2022) with Sapphire Radeon RX 6950 XT Nitro+ Pure in…
In the ever-evolving landscape of business strategy, Bitcoin has emerged as a pivotal asset. With…
This website uses cookies.