As reported by colleagues at Bleeping Computer, the bugs have been discovered by SentinelOne and tracked as CVE-2021-0157 and CVE-2021-0158, both with a CVSS v3 score of 8.2. The former relates to insufficient control flow in the BIOS firmware for some Intel processors, while the latter relies on improper validation of input on the same component. Both could be used for privilege escalation on the machine, but only if the attacker has physical access to the devices.
Here is the list of affected Intel processor families:
Family Processors Intel Xeon E Processor Family Intel Xeon Processor E3 v6 Processor Family Intel Xeon W Processors 3rd Generation Intel Xeon Scalable Processors 11th Generation Intel Core Processors 10th Generation Intel Core Processors 7th Generation Intel Core Processors Intel Core X Series Processors Intel Processor Celeron N series Intel Pentium Silver processor series As you can see, in addition to fairly recent ranges, we also find series that are now quite old and, given these are vulnerabilities involving the BIOS, they will very unlikely update the firmware of outdated motherboards. For this reason, some people will not be able to fix the bug by patch, but it is recommended to protect the BIOS with a password to avoid any damage.
Today, we also talked to you about the latest related news to the next Sapphire Rapids CPUs and Ponte Vecchio GPUs, which will also be used for the ExaFLOP Aurora supercomputers. For more details on this, we recommend that you read our previous article.