Serious BIOS errors affect Intel CPUs

Sicherheit (Pexels, allgemeine Nutzung)[German]Another addendum from this week. Intel has released a security advisory saying that its processors are affected by BIOS flaws. Potential vulnerabilities in the BIOS for some Intel processors could allow privilege escalation. Intel issues firmware updates via the board manufacturers to mitigate these potential vulnerabilities.


Advertising

Security advisory INTEL-SA-00562  states that potential vulnerabilities in the BIOS reference code for some Intel processors may allow privilege escalation.  Intel is issuing firmware updates to mitigate these potential vulnerabilities.

Vulnerability CVE-2021-0157

Vulnerability CVE-2021-0157 is based on the fact that insufficient control flow management in BIOS firmware for some Intel(R) processors may allow a privileged user to perform privilege escalation via local access. The CVSS Base Score for this vulnerability is 8.2 (High).

Vulnerability CVE-2021-0158

Vulnerability CVE-2021-0158 results from improper input validation in BIOS firmware for some Intel(R) processors. This could allow a privileged user to escalate privileges via local access. The CVSS Base Score for this vulnerability is 8.2 (High).

Affected processors

  • Intel® Xeon® Processor E Family
  • Intel® Xeon® Processor E3 v6 Family
  • Intel® Xeon® Processor W Family
  • 3rd Generation Intel® Xeon® Scalable Processors
  • 11th Generation Intel® Core™ Processors
  • 10th Generation Intel® Core™ Processors
  • 8th Generation Intel® Core™ Processors
  • 7th Generation Intel® Core™ Processors
  • Intel® Core™ X-series Processors
  • Intel® Celeron® Processor N Series
  • Intel® Pentium® Silver Processor Series

Intel recommends users of affected processors update to the latest version provided by the board manufacturer, which fixes these issues. (via)


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).