Intel has identified two serious vulnerabilities affecting a wide range of Intel processor families that allow cyber criminals and malware to gain higher privileges on the affected device.
The bugs were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158. Both have a CVSS v3 score of 8.2 which is considered high.
The former has to do with inadequate control flow control in the BIOS firmware for a number of Intel processors, while the latter concerns improper input validation of the same component.
These vulnerabilities could lead to an escalation of privileges on the device if the attacker had physical access to it.
According to Intel, the affected products are:
- <li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Xeon® Processor E Family</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Xeon® Processor E3 v6 Family</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Xeon® Processor W Family</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>3rd Generation Intel® Xeon® Scalable Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>11th Generation Intel® Core™ Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>10th Generation Intel® Core™ Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>7th Generation Intel® Core™ Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Core™ X-series Processors</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Celeron® Processor N Series</span></li><li style=”font-weight: 400;”><span style=”font-weight: 400;”>Intel® Pentium® Silver Processor Series</span></li>
Intel encourages users to fix these vulnerabilities by using the latest BIOS updates, and it is strongly recommended to set up a strong password to access the BIOS settings.
For more information, you may view the original story from Bleeping Computer.