The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component.
These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices.
Intel hasn't shared many technical details around these two flaws, but they advise users to patch the vulnerabilities by applying the available BIOS updates.
“Using this vulnerability, an attacker can extract the encryption key and gain access to information within the laptop. The bug can also be exploited in targeted attacks across the supply chain.”
applying BIOS updates :https://www.nvidia.com/en-us/geforce/news/how-to-update-your-motherboard-bios-using-a-simple-usb-stick/
source: https://www.bleepingcomputer.com/news/security/high-severity-bios-flaws-affect-numerous-intel-processors/
The affected products, according to Intel's advisory, are the following:
- Intel® Xeon® Processor E Family
- Intel® Xeon® Processor E3 v6 Family
- Intel® Xeon® Processor W Family
- 3rd Generation Intel® Xeon® Scalable Processors
- 11th Generation Intel® Core™ Processors
- 10th Generation Intel® Core™ Processors
- 7th Generation Intel® Core™ Processors
- Intel® Core™ X-series Processors
- Intel® Celeron® Processor N Series
- Intel® Pentium® Silver Processor Series
Comments