Chipzilla finds two high-severity vulnerabilities

Stefan Mileschin · 17th November 2021, 07:23

Wide range of processor families

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device.

BleepingComputer said the flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high).

The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component. These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices.

Intel hasn't shared many technical details around these two flaws, but they advise users to patch the vulnerabilities by applying the available BIOS updates. This is particularly problematic because motherboard vendors do not release BIOS updates often and don't support their products with security updates for long.

Considering that 7th gen Intel Core processors came out five years ago, it's doubtful that MB vendors are still releasing security BIOS updates for them.

https://fudzilla.com/news/pc-hardwar...ulnerabilities

17th November 2021, 07:23	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,802	Chipzilla finds two high-severity vulnerabilities Wide range of processor families Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device. BleepingComputer said the flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high). The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component. These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices. Intel hasn't shared many technical details around these two flaws, but they advise users to patch the vulnerabilities by applying the available BIOS updates. This is particularly problematic because motherboard vendors do not release BIOS updates often and don't support their products with security updates for long. Considering that 7th gen Intel Core processors came out five years ago, it's doubtful that MB vendors are still releasing security BIOS updates for them. https://fudzilla.com/news/pc-hardwar...ulnerabilities

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Chipzilla drops price on high end chip	Stefan Mileschin	WebNews	0	21st May 2019 07:40
Google discloses 'high severity' Mac security flaw ahead of patch	Stefan Mileschin	WebNews	0	5th March 2019 09:15
How the brain vibrates may determine the severity of a concussion	Stefan Mileschin	WebNews	0	3rd April 2018 13:21
AMD CPU Attack Vectors and Vulnerabilities	Stefan Mileschin	WebNews	0	17th March 2018 15:33
Android getting patches for over 100 vulnerabilities	Stefan Mileschin	WebNews	0	4th May 2017 09:55
iOS 9.3.5 fixes serious zero-day vulnerabilities	Stefan Mileschin	WebNews	0	29th August 2016 06:03
OS X, iOS And Linux Have More Vulnerabilities Than Windows	Stefan Mileschin	WebNews	0	24th February 2015 05:57
Understanding When The NSA Discloses Cyber Vulnerabilities	Stefan Mileschin	WebNews	0	1st May 2014 15:28
Attaching a heatsink to the brain can reduce the severity of epileptic seizures	jmke	WebNews	1	9th October 2007 17:22
F-Secure Finds Half Dozen Vulnerabilities in 2 Top Social Networking Sites	jmke	WebNews	0	28th July 2006 12:28