M H Recently, the National Information Security Vulnerability Database (CNNVD) received reports on the security vulnerabilities of a variety of Intel products, including Intel BIOS privilege escalation vulnerabilities (CNNVD-202111-917, CVE-2021-0157), Intel BIOS privilege escalation vulnerabilities ( CNNVD-202111-920, CVE-2021-0158), Intel PROSet/Wireless WiFiSoftware security vulnerabilities (CNNVD-202111-941, CVE-2021-0063), etc. An attacker who successfully exploited the above vulnerabilities can elevate permissions on the target system, etc. Multiple Intel products and systems are affected by the vulnerability. At present, Intel has officially released a patch for the vulnerability. It is recommended that users confirm whether they are affected by the vulnerability and take corrective measures as soon as possible.
1. Vulnerability introduction
1. Intel BIOS privilege escalation vulnerability (CNNVD-202111-917, CVE-2021-0157)
Vulnerability introduction: Intel Bios is the basic input output system of Intel Corporation in the United States. It is used to perform hardware initialization during the power-on startup phase and firmware that provides runtime services for the operating system. The vulnerability stems from the improper management of the control flow of the BIOS firmware of the Intel(R) processor. Attackers with local access rights can use the vulnerability to increase their rights.
2. Intel BIOS privilege escalation vulnerability (CNNVD-202111-920, CVE-2021-0158)
Vulnerability introduction: Intel Bios is the basic input output system of Intel Corporation in the United States. It is used to perform hardware initialization during the power-on startup phase and firmware that provides runtime services for the operating system. The vulnerability stems from the improper management of the control flow of the BIOS firmware of the Intel(R) processor. Attackers with local access rights can use the vulnerability to increase their rights.
3. Intel PROSet/Wireless WiFi Software security vulnerabilities (CNNVD-202111-941, CVE-2021-0063)
Vulnerability introduction: Intel PROSet/Wireless WiFi Software is a wireless network card driver from Intel Corporation. Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi have security vulnerabilities, and unauthenticated users may enable denial of service through adjacent access.
2. Scope of influence
Multiple Intel products and systems are affected by the vulnerability, including:
Intel? Xeon? Processor E Family
Intel? Xeon? Processor E3 v6 Family
Intel? Xeon? Processor W Family
3rd Generation Intel? Xeon? ScalableProcessors
11th Generation Intel? Core? Processors
10th Generation Intel? Core? Processors
7th Generation Intel? Core? Processors
Intel? Core? X-series Processors
Intel? Celeron? Processor N Series
Intel? Pentium? Silver Processor Series
Three, repair suggestions
At present, Intel has officially released patches to fix the above-mentioned vulnerabilities. It is recommended that users confirm the impact of the vulnerabilities in time and take corrective measures as soon as possible. Intel’s official link address is as follows:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00562.html
This notification is supported by CNNVD technical support units-Beijing Huayunan Information Technology Co., Ltd., Beijing Venus Star Information Security Technology Co., Ltd. and other technical support units.
CNNVD will continue to track the above-mentioned vulnerabilities and release relevant information in a timely manner. If necessary, you can contact CNNVD. Contact: [email protected]
The Links: LM077VS1T01 6MBI100S-120-50
