16 November 2021

High severity BIOS flaws affect numerous Intel processors

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device.

The flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high).

The former concerns insufficient control flow management in the BIOS firmware for some Intel processors, while the latter stems from improper input validation in the same component.

These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker has physical access to a vulnerable device.

The affected products, according to Intel's advisory, are the following:

Intel® Xeon® Processor E Family

Intel® Xeon® Processor E3 v6 Family

Intel® Xeon® Processor W Family

3rd Generation Intel® Xeon® Scalable Processors

11th Generation Intel® Core™ Processors

10th Generation Intel® Core™ Processors

7th Generation Intel® Core™ Processors

Intel® Core™ X-series Processors

Intel® Celeron® Processor N Series

Intel® Pentium® Silver Processor Series

Intel hasn't shared many technical details about these two flaws, but it advises users to patch the vulnerabilities by applying the available BIOS updates.

This is particularly problematic because motherboard vendors do not release BIOS updates often and don't support their products with security updates for long.

