Chipzilla finds two high-severity vulnerabilities

Stefan Mileschin · 17th November 2021, 08:23

Wide range of processor families

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device.

BleepingComputer said the flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high).

The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component. These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices.

Intel hasn't shared many technical details around these two flaws, but they advise users to patch the vulnerabilities by applying the available BIOS updates. This is particularly problematic because motherboard vendors do not release BIOS updates often and don't support their products with security updates for long.

Considering that 7th gen Intel Core processors came out five years ago, it's doubtful that MB vendors are still releasing security BIOS updates for them.

https://fudzilla.com/news/pc-hardwar...ulnerabilities

17th November 2021, 08:23	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 153,541	Chipzilla finds two high-severity vulnerabilities Wide range of processor families Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device. BleepingComputer said the flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high). The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component. These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices. Intel hasn't shared many technical details around these two flaws, but they advise users to patch the vulnerabilities by applying the available BIOS updates. This is particularly problematic because motherboard vendors do not release BIOS updates often and don't support their products with security updates for long. Considering that 7th gen Intel Core processors came out five years ago, it's doubtful that MB vendors are still releasing security BIOS updates for them. https://fudzilla.com/news/pc-hardwar...ulnerabilities

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Chipzilla drops price on high end chip	Stefan Mileschin	WebNews	0	21st May 2019 08:40
Google discloses 'high severity' Mac security flaw ahead of patch	Stefan Mileschin	WebNews	0	5th March 2019 10:15
How the brain vibrates may determine the severity of a concussion	Stefan Mileschin	WebNews	0	3rd April 2018 14:21
AMD CPU Attack Vectors and Vulnerabilities	Stefan Mileschin	WebNews	0	17th March 2018 16:33
Android getting patches for over 100 vulnerabilities	Stefan Mileschin	WebNews	0	4th May 2017 10:55
iOS 9.3.5 fixes serious zero-day vulnerabilities	Stefan Mileschin	WebNews	0	29th August 2016 07:03
OS X, iOS And Linux Have More Vulnerabilities Than Windows	Stefan Mileschin	WebNews	0	24th February 2015 06:57
Understanding When The NSA Discloses Cyber Vulnerabilities	Stefan Mileschin	WebNews	0	1st May 2014 16:28
Attaching a heatsink to the brain can reduce the severity of epileptic seizures	jmke	WebNews	1	9th October 2007 18:22
F-Secure Finds Half Dozen Vulnerabilities in 2 Top Social Networking Sites	jmke	WebNews	0	28th July 2006 13:28