Vulnerability Could Allow Enhanced Privileges to Unauthorized Users

SAM Vulnerability
Share It On:

25th November 2021, Kathmandu

Researchers at Positive Technologies recently found a vulnerability in Intel processors. The CVE-2021-0146 vulnerability empowers testing or investigating modes on various Intel processor lines. This could permit an unauthorized user with actual access to obtain enhanced privileges on the system.

The vulnerability affects the Pentium, Celeron, and Atom processors of the Apollo Lake, Gemini Lake, and Gemini Lake Refresh stages, utilized in cell phones, embedded systems, and IoT systems, like smart home appliances, vehicles, and clinical instruments.

The threat affects a wide range of ultra-portable netbooks and a huge base of Intel-based Internet of Things (IoT) systems, from home machines and smart home systems to vehicles and clinical instruments.

What are the vulnerability details?

The Intel site published the given vulnerability details:

CVEID: CVE-2021-0146

Description: Hardware permits activation of the test or debugs logic at runtime for some Intel(R) processors which might permit an unauthenticated user to possibly enable escalation of privilege through physical access.

CVSS Base Score: 7.1 High

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Positive Technologies specialists said, in exploiting this vulnerability cybercriminals can:

  • Extract the encryption key and get access to data on a laptop
  • Direct designated attacks across the supply chain

One illustration of a real threat is lost or stolen laptops that contain secret data in encoded form. Utilizing this vulnerability, an attacker can extract the encryption key and get close enough to the data in the laptop.

The bug can likewise be exploited in designated attacks across the supply chain.

For instance, a worker of an Intel processor-based device provider could extract the Intel CSME firmware key and send spyware that security software would not detect.

As recognized by Intel, the bug, which got a score of 7.1 on the CVSS 3.1 scale, was distinguished by Mark Ermolov, Dmitry Sklyarov (both from Positive Technologies), and Maxim Goryachy (an independent researcher).

Why and how did this occur?

CISO MAG connected with Mark Ermolov, Lead researcher of OS and Hardware Security at Positive Technologies, for his interpretation of the incident.

“Sellers accept that the actual access needed to work them puts such attacks out of extension in their security models.

Notwithstanding, actually current stages contain, notwithstanding the private information of clients, the privileged information of the actual maker (the supposed Assets) — while extricating these resources, the whole infrastructure can be put at risk, including the individual information of clients,” said Ermolov.

How should makers and clients respond?

In an authority official statement Positive Technology said: “To keep away from issues later on and forestall the conceivable bypassing of inherent insurance, makers ought to be more cautious in their way to deal with security infrastructure for investigate components.”

To fix the found vulnerability, clients ought to introduce the UEFI BIOS refreshes distributed by the end producers of the separate electronic devices.

“This is a firmware update, however lamentably Intel doesn’t clarify which subsystem the fix influences. This could be a processor microcode update, power the executive’s regulator firmware, Intel CSME firmware, or UEFI firmware.

We don’t know right now how precisely the mistake is fixed, however, we are persuaded that the blunder can’t be fixed at a central level, since it is installed in the devices. All things considered, Intel has made a fix that just keeps our Proof of Concept from working (which we shipped off them with bit by bit clarifications),” said Ermolov.

How has Intel reacted?

Intel is delivering firmware updates to moderate this possible vulnerability. On its page, Intel suggests that clients of impacted Intel processors update to the most recent adaptation given by the infrastructure maker that resolves these issues.

In the interim, PC producers utilizing these Intel processors have begun distributing firmware updates, and you should check the Drivers and Downloads segments on their sites.


Share It On:

Recent Posts

Gaur’s Bajaj Mileage Champion: A Testament to Platina’s Fuel Efficiency

Gaur’s Bajaj Mileage Champion: A Testament to Platina’s Fuel Efficiency

Share It On:26th November 2024, Kathmandu The Bajaj Mileage Champion event was successfully concluded in Gaur, Rautahat, bringing together Bajaj

Melaka ICT Holdings Awarded (MICTH) Asia’s Most Promising SMEs for Smart City & Digital Transformation Leadership

Melaka ICT Holdings Awarded (MICTH) Asia’s Most Promising SMEs for

Share It On:Melaka ICT Holdings Sdn Bhd (MICTH), a key player in enhancing the digital and telecommunications landscape of Melaka,

Airple Revolutionizes Aircon Maintenance with New Website & App – Book, Track, and Manage Services Effortlessly

Airple Revolutionizes Aircon Maintenance with New Website & App –

Share It On:26th November 2024, Kathmandu On October 4, 2024, Airple, a leader in air conditioning installation, repair, and aircon

“Medical Elite: Regenerative Medicine” – Discover Stem Cell Therapy’s Potential on Discovery Channel

“Medical Elite: Regenerative Medicine” – Discover Stem Cell Therapy’s Potential

Share It On:26th November 2024, Kathmandu A riveting new documentary, Medical Elite: Regenerative Medicine, featuring Japan’s premier STEMCELL Co., Ltd,

Robert Walters Digital Salary Survey 2025: Insights on Hong Kong Job Market, In-Demand Roles, and Salary Trends

Robert Walters Digital Salary Survey 2025: Insights on Hong Kong

Share It On:26th November 2024, Kathmandu Hong Kong’s job market has experienced significant challenges over the past year, with layoffs

CNI Appoints Birendra Raj Pandey as Senior Vice President

CNI Appoints Birendra Raj Pandey as Senior Vice President

Share It On:26th November 2024, Kathmandu Birendra Raj Pandey has been appointed as the Senior Vice President of the Confederation