Table of Contents
  • Home
  • /
  • Blog
  • /
  • How to Fix CVE-2021-0146- A High Severity Privilege Escalation Vulnerability In Intel Chips?
November 16, 2021
|
3m

How to Fix CVE-2021-0146- A High Severity Privilege Escalation Vulnerability In Intel Chips?


How To Fix Cve 2021 0146 A High Severity Privilege Escalation Vulnerability In Intel Chips

Security researchers from Positive Technologies (PT) have disclosed a high-severity Privilege Escalation vulnerability (CVE-2021-0146) which allows attackers to read encryption keys. We have created this post to let you know which versions of Intel processors are vulnerable to this flaw and how you can fix CVE-2021-0146, a high-severity Privilege Escalation vulnerability.

Summary of CVE-2021-0146:

The vulnerability is rated 7.1 as per the CVSS v3.

CVSS v3 Base Score7.1
DescriptionHardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
VectorCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Access VectorPhysical
Access ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeChanged
Confidentiality ImpactHigh
Integrity ImpactHigh
Availability ImpactHigh
CVSSv3 Version3.1

Intel Processors Affected By CVE-2021-0146A Privilege Escalation Vulnerability

The vulnerability mainly affects the J and N series of Pentium and Celeron Processors. Specially, CPU IDs 506C9, 506CA, 706A1, 706A8, and 506F1.

These chips are used to power laptops, mobile devices, embedded systems, medical devices, and a variety of Internet of Things (IoT).

egmentChipset/SOC or ProcessorCPU IDPlatform ID
Desktop, MobileIntel® Pentium® Processor J Series, N Series
Intel® Celeron® Processor J Series, N Series
Intel® Atom® Processor A Series
Intel® Atom® Processor E3900 Series
 
506C9
 
3
EmbeddedIntel® Pentium® Processor N Series
Intel® Celeron® Processor N Series
Intel® Atom® Processor E3900 Series
 
506CA
 
3
Desktop, MobileIntel® Pentium® Processor Silver Series/ J&N Series706A11
Desktop, MobileIntel® Pentium® Processor Silver Series/ J&N Series – Refresh706A81
EmbeddedIntel® Atom® Processor C3000506F11

How This Intel CVE-2021-0146A Privilege Escalation Vulnerability Impacts On End Users?

There are severe negative implications if we list. Since it’s a local privilege escalation vulnerability, attackers may need physical access to abuse the flaw. This vulnerability allows an attacker to extract a device’s encryption key from a stolen laptop and gain access to the encrypted data on the laptop.

Attackers can use this vulnerability to decrypt digital content protected by Intel’s Platform Trust Technology and Enhanced Privacy ID (EPID) technologies by extracting the root EPID encryption key. This allows adversaries to frame a supply chain attack.

How To Fix CVE-2021-0146- A Local Privilege Escalation Vulnerability In Intel Chips?

To address this vulnerability, Intel has published a security advisory that recommends that users of affected Intel® Processors upgrade their BIOS (provided by the system manufacturer) to the latest version. Please contact the device vendors for more support.

For instance, Dell has published that it has fixed these three vulnerabilities in its new BIOS release in its November security update.

We hope this post will help you in knowing How to Fix CVE-2021-0146- A High Severity Privilege Escalation Vulnerability in Intel Chips. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe