Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Two high-rated security issues have been confirmed by Intel for a few processor series

Intel 8th generation processor wafer (Source: Intel)
Intel 8th generation processor wafer (Source: Intel)
Although the two vulnerabilities described in today's security advisories are not labeled "critical," Intel describes both as posing a high-security risk. The two issues target Intel processors from generations 7, 10, and 11. Thankfully, BIOS updates will iron out these security flaws.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! English native speakers welcome!

News Writer (AUS/NZL based) - Details here

Intel has just revealed the discovery of two security vulnerabilities (a pair and a single one, in fact) that have been ranked as highly severe, but there is always a silver lining to this, as both will be patched via BIOS updates. Even more, the systems that use processors affected by these issues are only vulnerable via local access, so nobody should fear remote attacks.

Labeled CVE-2021-0157 and CVE-2021-0158 and packed together as one, the first of the two aforementioned vulnerabilities, if successfully exploited, may allow escalation of access privileges. Intel's description is this: "Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."

The rather long list of processors affected includes Intel's generations 7, 10, and 11. Strange enough, Intel's 8th and 9th processor generations are clean. These are the problematic chips: Xeon E, W, and E3 v6 families, as well as 3rd generation Xeon scalable; Core 7th, 9th, and 10th generations; Core X-series; Celeron N lineup; Pentium Silver.  

The second vulnerability is similar to the duo mentioned earlier. Labeled CVE-2021-0146, it also requires physical access for a successful attack and Intel's description says that "Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access."

In this case, the list of affected processors includes only lower-end parts, such as the Pentium and Celeron J and N series, the Atom E3900 series, and a few others. In this case, BIOS updates should iron out the problem as well. 

For both vulnerabilities, simply setting a strong BIOS password might be enough to avoid any unwanted security problems. However, Intel did not specify if this is the case or not.

Buy the Intel Core i9-11900K desktop processor on Amazon

, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 
Read all 3 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Codrut Nistor
Codrut Nistor - Senior Tech Writer - 5528 articles published on Notebookcheck since 2013
In my early school days, I hated writing and having to make up stories. A decade later, I started to enjoy it. Since then, I published a few offline articles and then I moved to the online space, where I contributed to major websites that are still present online as of 2021 such as Softpedia, Brothersoft, Download3000, but I also wrote for multiple blogs that have disappeared over the years. I've been riding with the Notebookcheck crew since 2013 and I am not planning to leave it anytime soon. In love with good mechanical keyboards, vinyl and tape sound, but also smartphones, streaming services, and digital art.
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2021 11 > Two high-rated security issues have been confirmed by Intel for a few processor series
Codrut Nistor, 2021-11-15 (Update: 2021-11-15)