High Severity BIOS Flaws Impacts Many Intel Processors

Share post:

Intel has identified two serious vulnerabilities affecting a wide range of Intel processor families that allow cyber criminals and malware to gain higher privileges on the affected device.

The bugs were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158. Both have a CVSS v3 score of 8.2 which is considered high.

The former has to do with inadequate control flow control in the BIOS firmware for a number of Intel processors, while the latter concerns improper input validation of the same component.

These vulnerabilities could lead to an escalation of privileges on the device if the attacker had physical access to it.

According to Intel, the affected products are:

    <li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Xeon® Processor E Family</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Xeon® Processor E3 v6 Family</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Xeon® Processor W Family</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>3rd Generation Intel® Xeon® Scalable Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>11th Generation Intel® Core™ Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>10th Generation Intel® Core™ Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>7th Generation Intel® Core™ Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Core™ X-series Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Celeron® Processor N Series</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Pentium® Silver Processor Series</span></li>

Intel encourages users to fix these vulnerabilities by using the latest BIOS updates, and it is strongly recommended to set up a strong password to access the BIOS settings.

For more information, you may view the original story from Bleeping Computer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways