Serious BIOS vulnerabilities detected, affecting many Intel processors
Intel has discovered two critical vulnerabilities affecting many of its processor product lines. Hackers can exploit these vulnerabilities to gain higher privileges on the victim's device.
The two vulnerabilities were initially discovered by SentinelOne and assigned the identifiers CVE-2021-0157 and CVE-2021-0158. Both were rated high-severity, with a CVSS score of 8.2.
The first vulnerability is related to insufficient control flow management in the BIOS firmware of some Intel processors. The second stems from incorrect input validation in the same component.
Although they can lead to privilege escalation attacks, hackers can only exploit these vulnerabilities when they have direct access to the vulnerable system.
According to Intel, the list of affected products includes:
- Intel® Xeon® Processor E Family
- Intel® Xeon® Processor E3 v6 Family
- Intel® Xeon® Processor W Family 3rd Generation
- Intel® Xeon® Scalable Processors 11th Generation
- Intel® Core™ Processors 10th Generation
- Intel® Core™ Processors 7th Generation
- Intel® Core™ X-series Processors
- Intel® Celeron® Processor N Series
- Intel® Pentium® Silver Processor Series
Intel has not yet shared details about the newly discovered vulnerabilities. However, the company recommends that users patch them soon by updating the BIOS to the latest version.
For new motherboards, users will easily find BIOS updates. However, for motherboards that are 5 years old or more, it is unlikely that an update will be available to patch the newly discovered vulnerabilities.
If this is the case, set a strong BIOS password to prevent bad guys from accessing the system and exploiting the vulnerabilities.
In addition, Intel has issued a separate security advisory for a third vulnerability, CVE-2021-0146. This is also a critical vulnerability, with a CVSS score of 7.2.
CVE-2021-0146 also allows an attacker to perform privilege escalation if they have direct access to the victim's system. Hackers can exploit CVE-2021-0146 to attack computers, laptops and even cars that use Intel chips, such as the Tesla Model 3.
Intel has now rolled out the patch for CVE-2021-0146, and users will receive it through device manufacturers.