Intel has identified two serious vulnerabilities affecting a wide range of Intel processor families that allow cybercriminals and malware to gain higher privileges on the affected device.
The bugs were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158. Both have a CVSS v3 score of 8.2 which is considered high.
The former has to do with inadequate control flow control in the BIOS firmware for a number of Intel processors, while the latter concerns improper input validation of the same component.
These vulnerabilities could lead to an escalation of privileges on the device if the attacker had physical access to it.
According to Intel, the affected products are:
- Intel Xeon Processor E Family
- Intel Xeon Processor E3 v6 Family
- Intel Xeon Processor W Family
- 3rd Generation Intel Xeon Scalable Processors
- 11th Generation Intel Core Processors
- 10th Generation Intel Core Processors
- 7th Generation Intel Core Processors
- Intel Core X-series Processors
- Intel Celeron Processor N Series
- Intel Pentium Silver Processor Series
Intel encourages users to fix these vulnerabilities by using the latest BIOS updates, and it is strongly recommended to set up a strong password to access the BIOS settings.