Intel reveals 16 new BIOS bugs

10 February 2022


Ten of them are higher than Cheech and Chong

Intel has disclosed details of 16 new BIOS vulnerabilities impacting its processors.

In a published security bulletin, Chipzilla said that these security weaknesses impact its Core processors from the 6th to 11th generations, as well as Xeon processors from the W, E, and D series.

Ten of the security bugs disclosed by Intel have been rated as 'high' in severity, three are 'medium' severity, while one is ranked as 'low' in severity. The bugs arise due to software weaknesses in Intel BIOS firmware, such as buffer overflow, poor control flow management, pointer issues and improper validation.

All of them enable attackers to escalate privileges when needed. Some bugs, which involve incorrect default permissions and improper access control, could also enable cyber actors to launch denial of service attacks against the local machine.

The 16 flaws are tracked as: CVE-2021-0091, CVE-2021-0092, CVE-2021-0093, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0119, CVE-2021-0124, CVE-2021-0125 and CVE-2021-0156.

The most serious of them is CVE-2021-0103, which received a CVSS-based score of 8.2 out of 10. According to Intel, this weakness arises due to insufficient control flow management in the firmware, which could allow a privileged user to potentially enable an escalation of privilege via local access.

All 16 bugs require physical access to the system in order to be exploited, meaning that they can't be abused remotely, so as long as firms don't let hackers inside the building their machines should be ok. Well, unless the chips are in a laptop left by a salesman in a brothel somewhere, in which case the hacker could nick all the data.

According to Intel, the products affected by these bugs include:

11th Generation Intel Core Processor Family
10th Generation Intel Core Processor Family
9th Generation Intel Core Processor Family
8th Generation Intel Core Processor Family
7th Generation Intel Core Processor Family
6th Generation Intel Core Processor Family
2nd Generation Intel Xeon Scalable Processor Family
Intel Xeon Scalable Processor Family
Intel Xeon Processor W Family
Intel Xeon Processor E Family
Intel Xeon Processor D Family
Intel Core X-series Processor Family
Intel Atom Processor C3XXX Family

Intel credited Hugo Magalhaes from Oracle for discovering eight vulnerabilities and reporting them to the company.

It said it is releasing firmware updates to mitigate these vulnerabilities. The company has also advised users to update to the latest versions provided by the system manufacturer to address the issues.

Last modified on 10 February 2022