Two new serious vulnerabilities found in Intel processors

Intel has announced the identification of two high-severity vulnerabilities affecting a wide range of the company's processors. The vulnerabilities allow attackers to use malware to gain higher privileges on a user's device.

The problems were reported by the California startup SentinelOne. The vulnerabilities are tracked as CVE-2021-0157 and CVE-2021-0158 and are classified as high severity (CVSS v3 8.2).

The first issue, CVE-2021-0157, is caused by deficiencies in BIOS control flow management for some Intel processors. The second, CVE-2021-0158, is based on incorrect input validation in the BIOS. To exploit the vulnerabilities, hackers must have physical access to devices. However, BIOS passwords cannot provide effective protection.

Intel said in a statement that the following processor groups are affected:
• Intel Xeon E processor family;
• Intel Xeon E3 v6 processor family;
• Intel Xeon W processor family;
• 3rd generation Intel Xeon processors;
• 11th generation Intel Core processors;
• 10th generation Intel Core processors;
• 7th generation Intel Core processors;
• Intel Core X-series processors;
• Intel Celeron N series processors;
• Intel Pentium Silver processor line.

Intel does not disclose technical details of the problems and recommends that users regularly install BIOS updates to fix the vulnerabilities. Meanwhile, motherboard manufacturers don't release BIOS updates very often.

Given that, for example, 7th generation Intel Core processors came out five years ago, it is unlikely that manufacturers are still releasing BIOS security updates for them. As a result, some users will not be able to fix these vulnerabilities.

Intel also issued recommendations regarding a third vulnerability, CVE-2021-0146, which has been assigned high severity (CVSS 7.2). This problem was identified by Positive Technologies. It affects hardware solutions for cars and can give cybercriminals access to confidential information. The vulnerability affects cars in which Intel Atom E3900 processors are installed, including the Tesla Model 3. Intel announced that a new update has already fixed CVE-2021-0146.

Source: bleepingcomputer