Intel: OEMs distribute BIOS updates to close critical security holes

Two critical security holes have crept into the BIOS reference code for various platforms that allow local attackers to grant extended access rights. The weak points were announced last week, and improvements are now being made via BIOS updates. The updates to close the security gaps are already being distributed by various manufacturers.

Nov 15, 2021 - 13:08
 63
Intel: OEMs distribute BIOS updates to close critical security holes

In the past week, two critical security holes in the BIOS reference code of past and current Intel platforms became known. These are now to be closed by means of corresponding updates, which are now being distributed by various OEMs.

The first vulnerability is identified by INTEL-SA-00562 (CVE-2021-0157) and enables potential attackers to grant extended access rights to the system. Although the description of the security gap does not give any more precise details, local user access is required to be able to exploit it. Intel's Xeon Scalable processors from the third generation and the 11th Gen Core and Celeron series are affected.

The second vulnerability INTEL-SA-00528 (CVE-2021-0158) also requires local access to the system in order to be exploited. Attackers can also gain extended access rights for the system by using the integrated test or debug logic during runtime by unauthenticated users. Various processors from the Atom, Celeron, and Pentium product lines from Intel are affected by the vulnerability.

According to the report from phoronix.com, Dell, HP, Lenovo, and other PC manufacturers have already started rolling out BIOS updates that close the gaps. The Intel Platform Update (IPU) 2021.2 for November 2021 more precisely.

By: Amber V.