Announcement

Collapse
No announcement yet.

BIOS Updates Begin Appearing For New Intel Privilege Escalation Vulnerabilities

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • BIOS Updates Begin Appearing For New Intel Privilege Escalation Vulnerabilities

    Phoronix: BIOS Updates Begin Appearing For New Intel Privilege Escalation Vulnerabilities

    OEMs have begun releasing updated BIOS/firmware revisions to address new security vulnerabilities disclosed this week by Intel. Most pressing are potential security vulnerabilities within the BIOS reference code used by various Intel CPUs that could lead to privilege escalation by local users and ranked a "high" impact severity...

    https://www.phoronix.com/scan.php?pa...mber-2021-BIOS

  • #2
    What privileges are needed to execute this attack?
    What does 'local user access' mean? I dont think physical access, since server are at risk, but is e.g. JavaScript in the Browser enough local user?

    Comment


    • #3
      Just as AMD also announced that you also need BIOS updates for Epyc CPUs:
      https://www.amd.com/en/corporate/pro...in/amd-sb-1021

      Comment


      • #4
        Yeah, I'm really struggling to understand what this is about… Is this possible while the OS is running?

        Comment


        • #5
          This is really frustrating with my 8+ year-old motherboards that probably won't get an update or if they do it's years late. Buying new hardware these days is just impractical for numerous reasons so that's not going to happen. Who wants to buy yet more buggy hardware at absurd prices? Maybe some day manufacturers will get their act together and it will be worthwhile to buy their hardware. Until then we're left with an insecure mess; and the government wonders why everyone keeps getting hacked.

          Comment


          • #6
            Originally posted by CTTY View Post
            What privileges are needed to execute this attack?
            Just the white kind. Only a white guy with too much free time could learn to do these kinds of attacks.

            What does 'local user access' mean? I dont think physical access, since server are at risk, but is e.g. JavaScript in the Browser enough local user?
            I think it means anything from remote users to physical access. Possibly that could mean JavaScript in the browser, but I assume that would require this attack to be used in conjunction with a browser vulnerability.

            Comment


            • #7
              Originally posted by tunnelblick View Post
              Just as AMD also announced that you also need BIOS updates for Epyc CPUs:
              https://www.amd.com/en/corporate/pro...in/amd-sb-1021
              Reading AMD list I don't see any vulnerability that is possible to exploit without attaining root privileges on system hypervisor or booted OS first, so their impact is limited to those who actively use hardware-assisted DRM and enclaves (an absolute minority).

              BUT.

              This again warns us that 'system management processors' which are 'designed for better security' are actually having very low testing levels and so are huge security hole and need to be reconsidered as of to being implemented at all, they make parts of the system core uncontrollable by the end user, potentially resulting in a worldwide havoc if something more critical in them like remotely accessible backdoor is discovered and exposed.
              Last edited by Alex/AT; 12 November 2021, 03:04 AM.

              Comment


              • #8
                Intel is a menace for hardware users. It's an hardware malware.

                Comment


                • #9
                  Problem is that few companies support Bios updates via LVFS/FWUPD and for few their items. A way to directly inoculate the patch into the BIOS should be applied if it possible in order to apply it to all the general BIOS.

                  Comment


                  • #10
                    Originally posted by Alex/AT View Post
                    Reading AMD list I don't see any vulnerability that is possible to exploit without attaining root privileges on system hypervisor or booted OS first, so their impact is limited to those who actively use hardware-assisted DRM and enclaves (an absolute minority).
                    That's because AMD never makes mistakes when it comes to designing CPU's.

                    Comment

                    Working...
                    X