Security News > 2021 > November > High severity BIOS flaws affect numerous Intel processors

High severity BIOS flaws affect numerous Intel processors
2021-11-15 17:15

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device.

The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component.

Intel hasn't shared many technical details around these two flaws, but they advise users to patch the vulnerabilities by applying the available BIOS updates.

Considering that 7th gen Intel Core processors came out five years ago, it's doubtful that MB vendors are still releasing security BIOS updates for them.

A third flaw for which Intel released a separate advisory on the same day is CVE-2021-0146, also a high-severity elevation of privilege flaw.

An employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect."


News URL

https://www.bleepingcomputer.com/news/security/high-severity-bios-flaws-affect-numerous-intel-processors/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-11-17 CVE-2021-0146 Unspecified vulnerability in Intel products
Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
local
low complexity
intel
4.6

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6832 278 785 431 28 1522