Notebookcheck Logo

Two high-rated security issues have been confirmed by Intel for a few processor series

Intel 8th generation processor wafer (Source: Intel)
Intel 8th generation processor wafer (Source: Intel)
Although the two vulnerabilities described in today's security advisories are not labeled "critical," Intel describes both as posing a high-security risk. The two issues target Intel processors from generations 7, 10, and 11. Thankfully, BIOS updates will iron out these security flaws.
Fail Security Desktop Workstation Laptop Kaby Lake Coffee Lake Ice Lake Tiger Lake

Intel has just revealed the discovery of two security vulnerabilities (a pair and a single one, in fact) that have been ranked as highly severe, but there is always a silver lining to this, as both will be patched via BIOS updates. Even more, the systems that use processors affected by these issues are only vulnerable via local access, so nobody should fear remote attacks.

Labeled CVE-2021-0157 and CVE-2021-0158 and packed together as one, the first of the two aforementioned vulnerabilities, if successfully exploited, may allow escalation of access privileges. Intel's description is this: "Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."

The rather long list of processors affected includes Intel's generations 7, 10, and 11. Strange enough, Intel's 8th and 9th processor generations are clean. These are the problematic chips: Xeon E, W, and E3 v6 families, as well as 3rd generation Xeon scalable; Core 7th, 9th, and 10th generations; Core X-series; Celeron N lineup; Pentium Silver.  

The second vulnerability is similar to the duo mentioned earlier. Labeled CVE-2021-0146, it also requires physical access for a successful attack and Intel's description says that "Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access."

In this case, the list of affected processors includes only lower-end parts, such as the Pentium and Celeron J and N series, the Atom E3900 series, and a few others. In this case, BIOS updates should iron out the problem as well. 

For both vulnerabilities, simply setting a strong BIOS password might be enough to avoid any unwanted security problems. However, Intel did not specify if this is the case or not.

Buy the Intel Core i9-11900K desktop processor on Amazon

Related Articles

ÆPIC affects Intel 10th gen to 12th gen CPUs. (Image Source: Aepicleak.com)
New CPU architecture vulnerabilities: Intel 10th gen to 12th gen chips affected by AEPIC, SQUIP exploits loophole in all AMD Zen CPUs with SMT 08/16/2022
Bad actors were previously able to take advantage of a vulnerability in AppX installer that allowed them to spread malware. (Image: RoonZ.nl via Unsplash)
Microsoft patches spoofing vulnerability that was exploited to spread malware 12/16/2021
The Nokia 9 PureView has received one OS update, despite being a member of the Android One program. (Image source: Nokia)
The Nokia 9 PureView is another sorry chapter in Google's failed Android One program 12/01/2021
The Joker malware can obtain SMS management information that leads to unwanted premium SMS subscription signups. (Image source: Unsplash - edited)
Joker malware discovered in multiple apps with thousands of installs on the Google Play Store 11/23/2021
Cloudflare successfully detected and deterred a 2 Tbps multi-vector DDoS attack. (Image: Cloudflare)
Cloudflare fends off a multi-vector DDoS attack 11/17/2021
With the upcoming Raptor Lake generation of CPUs, Intel intends to further improve the efficiency of its processors (Image: Gadget Tendency)
Intel's upcoming Raptor Lake CPUs could use 25% less power and become more efficient thanks to D-LVR 11/15/2021
Most 7th generation Intel Core processors cannot run Windows 11, but a Pentium 4 can. (Image source: Intel)
Windows 11 hardware requirements made a mockery of by an Intel Pentium 4 processor 10/18/2021
Even recently launched Lenovo products are affected. (Source: Lenovo)
Lenovo laptops silently stripped of important feature in BIOS updates 07/14/2021
You do not need a dedicated TPM 2.0 chip to run Windows 11. (Image source: Microsoft)
Windows 11: No Trusted Platform Module? Many AMD and Intel processors can run Microsoft's new OS without a dedicated TPM 2.0 chip 06/29/2021
Researchers claim hackers could leverage the vulnerabilities to target
Intel refutes claim that newly-uncovered Spectre vulnerability variants need patching with performance-leeching fixes 05/04/2021
Intel claims Rocket League can't be played on a Mac, even that it can using CrossOver. (Image source: Intel)
Intel's new adverts claim that Windows laptops are better options than Apple MacBooks for content creators and gamers 02/12/2021
The Galaxy Fold and Galaxy Books S both run very similar Qualcomm Snapdragon ARM-based chipsets. (Image: Notebookcheck)
Apple veteran says Windows PC OEMs have no option but to drop Intel x86 for ARM 07/14/2020
Intel has been releasing security patches since January, but this is the first time it banned testing them for performance discrepancies. (Source: MarketWatch)
Intel revises ban on benchmarking its newest microcode patch 08/24/2018
'Haswell' CPU owners are getting increased security at the expense of reliability. (Source: Overclock3D)
Intel 'Haswell' and 'Broadwell' CPU users complain of higher system reboots after applying Meltdown and Spectre patches 01/14/2018
The bug affects all Kaby Lake and Skylake chips with Hyperthreading. (Source: Intel)
Serious Hyperthreading bug affects Intel Skylake and Kaby Lake architectures 06/26/2017
Read all 3 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2021 11 > Two high-rated security issues have been confirmed by Intel for a few processor series
Codrut Nistor, 2021-11-15 (Update: 2021-11-15)