BIOS Updates Begin Appearing For New Intel Privilege Escalation Vulnerabilities
INTEL-SA-00562 was made public on Tuesday, covering security vulnerabilities in the BIOS reference code for processors ranging from 3rd Gen Xeon Scalable to 11th Gen Core to Celeron and Pentium processors... That is rather broad exposure across recent generations of Intel CPU product lines, going back to at least the likes of the 7th Gen Core processors.
The vulnerabilities in the BIOS reference code could allow local users to escalate their privileges, and both CVEs carry a "high" CVSS base score of 8.2. CVE-2021-0157 tracks insufficient control flow management in this BIOS firmware and CVE-2021-0158 covers improper input validation by the BIOS firmware.
Also disclosed on Tuesday, and being mitigated by updated firmware, is INTEL-SA-00528 (CVE-2021-0146), covering a security vulnerability in various Atom, Celeron, and Pentium processors. These affected processors allow test/debug logic to be activated at run-time, which could be used by unauthenticated users to escalate their privileges. This carries a high CVSS base score of 7.1.
For both of these Intel security advisories, it is important to note that a malicious actor must first have local user access to the system; the risk from there is privilege escalation. So public multi-user systems, servers, etc. are obviously the most at risk and impacted by these new vulnerabilities.
The precise details on the vulnerabilities within the Intel BIOS reference code don't appear to have been made public yet. However, given that many OEMs rely on that reference code and the number of affected processors, there is broad exposure on INTEL-SA-00562. Dell, HP, Lenovo, and other vendors have already begun rolling out updated BIOSes to address these newly disclosed vulnerabilities. Intel Platform Update (IPU) Update 2021.2 for November 2021 has the necessary firmware updates.
So particularly for those running affected hardware where potentially nefarious local user access is a risk, start checking for BIOS updates. Thankfully for Linux systems with LVFS/FWUPD, we continue to see more hardware vendors pushing down BIOS updates.
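As an added example (not from the Phoronix article, Intel's advisories or the fwupd project), the following POSIX shell script does the quick triage a Linux admin would want here: it reads the BIOS vendor, version and date from the standard sysfs DMI files, flags any BIOS built before the November 2021 advisory month as necessarily lacking the IPU 2021.2 fixes, and then, if fwupd is installed, asks LVFS for pending updates with the existing `fwupdmgr refresh` and `fwupdmgr get-updates` subcommands. The advisory month constant and the "predates the advisory" heuristic are this example's own assumptions; a BIOS dated after the advisory is not proven fixed, so the script only tells you to confirm the exact fixed version with the OEM.

```shell
#!/bin/sh
# Added example, not the article's or Intel's code. Assumptions: Linux sysfs
# DMI paths under /sys/class/dmi/id (standard), a DMI bios_date in SMBIOS
# "MM/DD/YYYY" form, and the advisory month (November 2021) taken from the
# INTEL-SA-00562 / IPU 2021.2 publication date.

ADVISORY_YYYYMM=202111          # INTEL-SA-00562 went public in November 2021
DMI_DIR="${DMI_DIR:-/sys/class/dmi/id}"

# Convert a DMI BIOS date "MM/DD/YYYY" to the integer YYYYMM on stdout.
# Prints nothing and returns 1 when the input is not in that shape
# (e.g. older two-digit-year boards or a missing file).
dmi_date_to_yyyymm() {
    case "$1" in
        [0-9][0-9]/[0-9][0-9]/[0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    mm=${1%%/*}
    yyyy=${1##*/}
    echo "${yyyy}${mm}"
}

# Return 0 when the BIOS build month is strictly before the advisory month
# (so the fix cannot be present), 1 when it is the same month or later,
# and 2 when the date could not be parsed.
bios_predates_advisory() {
    ym=$(dmi_date_to_yyyymm "$1") || return 2
    [ "$ym" -lt "$ADVISORY_YYYYMM" ]
}

# Read one DMI attribute; unreadable or absent files yield "unknown".
read_dmi() {
    if [ -r "$DMI_DIR/$1" ]; then
        cat "$DMI_DIR/$1" 2>/dev/null || echo unknown
    else
        echo unknown
    fi
}

report() {
    vendor=$(read_dmi bios_vendor)
    version=$(read_dmi bios_version)
    date=$(read_dmi bios_date)
    echo "BIOS: $vendor $version ($date)"

    rc=0
    bios_predates_advisory "$date" || rc=$?
    case "$rc" in
        0) echo "FLAG: BIOS predates INTEL-SA-00562; it cannot contain the IPU 2021.2 fixes." ;;
        1) echo "INFO: BIOS date is at/after the advisory; confirm the exact fixed version with your OEM." ;;
        *) echo "WARN: could not parse BIOS date '$date'; check the OEM support site manually." ;;
    esac

    # LVFS check: refresh metadata, then list pending firmware updates.
    if command -v fwupdmgr >/dev/null 2>&1; then
        echo "Querying LVFS via fwupd for pending firmware updates..."
        fwupdmgr refresh >/dev/null 2>&1 || true
        fwupdmgr get-updates || true
    else
        echo "fwupd is not installed; check the OEM support site for a BIOS update."
    fi
}

# Run the report unless the file is being sourced only for its functions.
[ -n "${NO_REPORT:-}" ] || report
```

Run it as root-or-not; the DMI files are world-readable on most distributions. Set `DMI_DIR` to a directory of constructed files to dry-run the logic against a different BIOS date, and `NO_REPORT=1` to load only the functions.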
Now if only Intel backed fully open-source firmware to help with security auditing and discovering of such vulnerabilities more quickly... At least industry interest continues moving more in that direction around open-source system firmware...
Update: Red Hat's Richard Hughes who maintains the Linux Vendor Firmware Service can also confirm the uptick in new BIOS updates being deployed now:
"Can confirm:" (pic.twitter.com/16SwiJrSGk) - Richard Hughes (@hughsient), November 11, 2021