Intel confirms two local security issues that affect many Intel processor generations

The_King

Level 12
Thread author
Verified
Top Poster
Well-known
Aug 2, 2020
542
Intel published two security advisories for many of the company's processor generations this week. The vulnerabilities have received a severity rating of high, the second-highest after critical.

Good news is that the two issues require local access to be exploited. Bad news, that BIOS updates are required to address the issues.

Vulnerabilities CVE-2021-0157 and CVE-2021-0158 may allow escalation of privilege if successfully exploited. The vulnerabilities' base score is 8.2, high.

Intel describes the issue in the following way:

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

The following processor families are affected by the issue according to Intel:

Intel® Xeon Processor E Family
Intel® Xeon Processor E3 v6 Family
Intel® Xeon Processor W Family
3rd Generation Intel Xeon Scalable Processors
11th Generation Intel Core™ Processors
10th Generation Intel Core™ Processors
7th Generation Intel Core™ Processors
Intel Core™ X-series Processors
Intel Celeron Processor N Series
Intel Pentium Silver Processor Series

It seems strange that Intel processor generations 7, 10 and 11 are affected, but generations 8 and 9 are not.

The second vulnerability, CVE-2021-0146, may allow escalation of privilege as well. It too requires physical access for the attack. The base score of the vulnerability is 7.1, which is also high.
 

The_King


High severity BIOS flaws affect numerous Intel processors

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device.

The flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high).

The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component.

These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices.
 
