Security researchers from Positive Technologies (PT) have disclosed a high severity Privilege Escalation vulnerability (CVE-2021-0146) which allows attackers to read encryption keys. We have created this post to let you know which versions of Intel processors are vulnerable to this flaw and how you can fix CVE-2021-0146, a high severity Privilege Escalation vulnerability.
Table of Contents
Summary of CVE-2021-0146:
The vulnerability is rated 7.1 as per the CVSS v3.
| CVSS v3 Base Score | 7.1 |
| Description | Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
| Vector | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Access Vector | Physical |
| Access Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Changed |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
Intel Processors Affected By CVE-2021-0146A Privilege Escalation Vulnerability
The vulnerability mainly affects the J and N series of Pentium and Celeron Processors. Specially, CPU IDs 506C9, 506CA, 706A1, 706A8, and 506F1.
These chips are used to power laptops, mobile devices, embedded systems, medical devices, and a variety of internet of things (IoT).
| egment | Chipset/SOC or Processor | CPU ID | Platform ID |
| Desktop, Mobile | Intel® Pentium® Processor J Series, N Series Intel® Celeron® Processor J Series, N Series Intel® Atom® Processor A Series Intel® Atom® Processor E3900 Series |
506C9 |
3 |
| Embedded | Intel® Pentium® Processor N Series Intel® Celeron® Processor N Series Intel® Atom® Processor E3900 Series |
506CA |
3 |
| Desktop, Mobile | Intel® Pentium® Processor Silver Series/ J&N Series | 706A1 | 1 |
| Desktop, Mobile | Intel® Pentium® Processor Silver Series/ J&N Series – Refresh | 706A8 | 1 |
| Embedded | Intel® Atom® Processor C3000 | 506F1 | 1 |
How This Intel CVE-2021-0146A Privilege Escalation Vulnerability Impacts On End Users?
There are severe negative implications if we list. Since it’s a local privilege escalation vulnerability, attackers may need physical access to abuse the flaw. This vulnerability allows an attacker to extract a device’s encryption key from a stolen laptop and gain access to the encrypted data on the laptop.
Attackers can use this vulnerability to decrypt digital content protected by Intel’s Platform Trust Technology and Enhanced Privacy ID (EPID) technologies by extracting the root EPID encryption key. This allows adversaries to frame a supply chain attack.
How To Fix CVE-2021-0146- A Local Privilege Escalation Vulnerability In Intel Chips?
To address this vulnerability, Intel has published a security advisory that recommends that users of affected Intel® Processors upgrade their BIOS (provided by the system manufacturer) to the latest version. Please contact the device vendors for more support.
For instance, Dell has published that it has fixed these three vulnerabilities in its new BIOS release in its November security update.
We hope this post will help you in knowing How to Fix CVE-2021-0146- A High Severity Privilege Escalation Vulnerability in Intel Chips. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/270081.html