Two high-rated security issues have been confirmed by Intel for a few processor series
Working For Notebookcheck
Are you a techie who knows how to write? Then join our Team! English native speakers welcome!
News Writer (AUS/NZL based) - Details here
Intel has just revealed the discovery of two security vulnerabilities (a pair and a single one, in fact) that have been ranked as highly severe, but there is always a silver lining to this, as both will be patched via BIOS updates. Even more, the systems that use processors affected by these issues are only vulnerable via local access, so nobody should fear remote attacks.
Labeled CVE-2021-0157 and CVE-2021-0158 and packed together as one, the first of the two aforementioned vulnerabilities, if successfully exploited, may allow escalation of access privileges. Intel's description is this: "Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."
The rather long list of processors affected includes Intel's generations 7, 10, and 11. Strange enough, Intel's 8th and 9th processor generations are clean. These are the problematic chips: Xeon E, W, and E3 v6 families, as well as 3rd generation Xeon scalable; Core 7th, 9th, and 10th generations; Core X-series; Celeron N lineup; Pentium Silver.
The second vulnerability is similar to the duo mentioned earlier. Labeled CVE-2021-0146, it also requires physical access for a successful attack and Intel's description says that "Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access."
In this case, the list of affected processors includes only lower-end parts, such as the Pentium and Celeron J and N series, the Atom E3900 series, and a few others. In this case, BIOS updates should iron out the problem as well.
For both vulnerabilities, simply setting a strong BIOS password might be enough to avoid any unwanted security problems. However, Intel did not specify if this is the case or not.