[German]Another addendum from this week. Intel has released a security advisory saying that its processors are affected by BIOS flaws. Potential vulnerabilities in the BIOS for some Intel processors could allow privilege escalation. Intel issues firmware updates via the board manufacturers to mitigate these potential vulnerabilities.
Advertising
Security advisory INTEL-SA-00562 states that potential vulnerabilities in the BIOS reference code for some Intel processors may allow privilege escalation. Intel is issuing firmware updates to mitigate these potential vulnerabilities.
Vulnerability CVE-2021-0157
Vulnerability CVE-2021-0157 is based on the fact that insufficient control flow management in BIOS firmware for some Intel(R) processors may allow a privileged user to perform privilege escalation via local access. The CVSS Base Score for this vulnerability is 8.2 (High).
Vulnerability CVE-2021-0158
Vulnerability CVE-2021-0158 results from improper input validation in BIOS firmware for some Intel(R) processors. This could allow a privileged user to escalate privileges via local access. The CVSS Base Score for this vulnerability is 8.2 (High).
Affected processors
- Intel® Xeon® Processor E Family
- Intel® Xeon® Processor E3 v6 Family
- Intel® Xeon® Processor W Family
- 3rd Generation Intel® Xeon® Scalable Processors
- 11th Generation Intel® Core™ Processors
- 10th Generation Intel® Core™ Processors
- 8th Generation Intel® Core™ Processors
- 7th Generation Intel® Core™ Processors
- Intel® Core™ X-series Processors
- Intel® Celeron® Processor N Series
- Intel® Pentium® Silver Processor Series
Intel recommends users of affected processors update to the latest version provided by the board manufacturer, which fixes these issues. (via)
