A potential security vulnerability in some Intel® Processors may allow escalation of privilege.** **Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2021-0146
Description: Hardware allows activation of test or debug logic at runtime for some Intel® processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H****
Segment
|
Chipset/SOC or Processor
|
CPU ID
|
Platform ID
—|—|—|—
Desktop, Mobile
|
Intel® Pentium® Processor J Series, N Series
Intel® Celeron® Processor J Series, N Series
Intel® Atom® Processor A Series
Intel® Atom® Processor E3900 Series
|
506C9
|
3
Embedded
|
Intel® Pentium® Processor N Series
Intel® Celeron® Processor N Series
Intel® Atom® Processor E3900 Series
|
506CA
|
3
Desktop, Mobile
|
Intel® Pentium® Processor Silver Series/ J&N Series
|
706A1
|
1
Desktop, Mobile
|
Intel® Pentium® Processor Silver Series/ J&N Series - Refresh
|
706A8
|
1
Embedded
|
Intel® Atom® Processor C3000
|
506F1
|
1
Intel recommends that users of affected Intel® Processors update to the latest version provided by the system manufacturer that addresses these issues.
This vulnerability was researched and reported by Mark Ermolov and Dmitry Sklyarov (Positive Technologies) and Maxim Goryachy (independent).
Intel would like to thank its employees Chandni Bhowmik and Ilya Wagner for identifying and developing the Proof of Concept (POC) for CVE-2021-0146 on Intel® Pentium® Processor Silver Series/ J&N Series and Intel® Pentium® Processor Silver Series/ J&N Series Refresh Processor Family.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.