Intel fixes 16 new BIOS-related vulnerabilities
2nd Generation Intel Xeon Scalable Processor Family
Intel Xeon Scalable Processor Family
Intel Xeon Processor W Family
Intel Xeon Processor E Family
Intel Xeon Processor D Family
11th Generation Intel Core Processor Family
10th Generation Intel Core Processor Family
9th Generation Intel Core Processor Family
8th Generation Intel Core Processor Family
7th Generation Intel Core Processor Family
6th Generation Intel Core Processor Family
Intel Core X-series Processor Family
Intel Atom Processor C3XXX Family
Vulnerability Detail
CVEID: CVE-2021-0103
Description: Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2021-0114
Description: Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.9 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-0115
Description: Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.9 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-0116
Description: Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.9 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-0117
Description: Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.9 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-0118
Description: Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.9 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-0099
Description: Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2021-0156
Description: Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2021-0111
Description: NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 7.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-0107
Description: Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-0125
Description: Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L
CVEID: CVE-2021-0124
Description: Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 6.3 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
CVEID: CVE-2021-0119
Description: Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 5.8 Medium
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
CVEID: CVE-2021-0092
Description: Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
CVEID: CVE-2021-0091
Description: Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access.
CVSS Base Score: 3.2 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
CVEID: CVE-2021-0093
Description: Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
CVSS Base Score: 2.4 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Of the 16 vulnerabilities, 10 are rated “High” severity, 3 are listed as “Medium”, and one is listed as “Low”. These new vulnerabilities are not on the list of vulnerabilities recently published by Intel and are not related to BIOS vulnerabilities from HP, Dell, Lenovo, or other branded vendors. With these 16 BIOS-related vulnerabilities, attackers can hijack a host’s BIOS to gain local access and steal sensitive data.
Thankfully, these 16 vulnerabilities can only be exploited with local physical access and cannot be used for remote attacks. Intel said it will address the issues arising from these vulnerabilities through a firmware update, although there is no specific timetable yet.