Published in PC Hardware

Chipzilla finds two high-severity vulnerabilities

by on16 November 2021

Wide range of processor families

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device.

BleepingComputer said the flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high).

The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component. These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices.

Intel hasn't shared many technical details around these two flaws, but they advise users to patch the vulnerabilities by applying the available BIOS updates. This is particularly problematic because motherboard vendors do not release BIOS updates often and don't support their products with security updates for long.

Considering that 7th gen Intel Core processors came out five years ago, it's doubtful that MB vendors are still releasing security BIOS updates for them.

Some users will be left with no practical way to fix the flaws which can only be handled by setting up a strong password for accessing the BIOS settings.

Intel also released a separate advisory for a high-severity elevation of privilege flaw (CVE-2021-0146) that affects several car models that use the Intel Atom E3900.

"Intel has released a firmware update to mitigate this flaw, and users will get it through patches supplied by the system manufacturer," the report says.


Last modified on 16 November 2021
Rate this item
(2 votes)

Read more about: