Serious BIOS vulnerabilities detected, affecting many Intel processors

Located in the BIOS, two newly discovered vulnerabilities allow hackers to perform malicious attacks on the victim's system.

Intel has discovered two critical vulnerabilities affecting many of its processor product lines. Hackers can exploit these vulnerabilities to gain higher privileges on the victim's device.

The two vulnerabilities were initially discovered by SentinelOne and assigned the identifiers CVE-2021-0157 and CVE-2021-0158. Both were rated high severity, with a CVSS score of 8.2.

The first vulnerability is related to insufficient control flow management in the BIOS firmware for some Intel processors. The second stems from improper input validation in the same component.


Although it can lead to privilege escalation attacks, hackers can only exploit these vulnerabilities when they have direct access to the vulnerable system.

According to Intel, the list of affected products includes:

  1. Intel® Xeon® Processor E Family
  2. Intel® Xeon® Processor E3 v6 Family
  3. Intel® Xeon® Processor W Family 3rd Generation
  4. Intel® Xeon® Scalable Processors 11th Generation
  5. Intel® Core™ Processors 10th Generation
  6. Intel® Core™ Processors 7th Generation
  7. Intel® Core™ X-series Processors
  8. Intel® Celeron® Processor N Series
  9. Intel® Pentium® Silver Processor Series

Intel has not yet shared details about the newly discovered vulnerabilities. However, the company recommends that users patch the vulnerabilities soon by updating the BIOS to the latest version.

For new motherboards, users will easily find BIOS updates. However, for motherboards that are 5 years old or more, it is unlikely that an update will be available to patch the newly discovered vulnerabilities.

If this is the case, set a strong BIOS password to prevent bad guys from accessing and exploiting vulnerabilities.

In addition, Intel has issued a separate security advisory for a third vulnerability, CVE-2021-0146. This is also a critical vulnerability with a CVSS score of 7.2.

CVE-2021-0146 also allows an attacker to perform privilege escalation if they have direct access to the victim's system. Hackers can exploit CVE-2021-0146 to attack computers, laptops and even cars that use Intel chips, such as the Tesla Model 3.

Intel has now rolled out the patch for CVE-2021-0146, and users will receive it through device manufacturers.
