Intel has recently disclosed a short advisory with details of high severity for 3 CVEs here. They are CVE-2021-0157, CVE-2021-0158, and CVE-2021-0146. The first two are related to BIOS firmware-based vulnerabilities. Once the attacker accesses the BIOS firmware settings, they can exploit the weaknesses addressed in the CVEs to gain higher privileges. Moreover, they based these exploits on flaws in the Control Flow Management and improper input validation in the firmware settings. SentinelOne discovered the 2 CVEs and later reported them to Intel. Therefore, a Vulnerability Management Tool can prevent these attacks.
Mark Ermolov, Dmitry Sklyarov, and Maxim Goryachy discovered CVE-2021-0146. At runtime, there is insufficient protection around test or debug modes present in several Intel Processor lines. However. these modes are privileged and need to be protected better. Moreover, with physical access, unauthenticated users will have access to get their hands on enhanced privileges on the system. However, for example, with the help of this vulnerability, the attacker can extract the Root encryption key used in Intel PTT (Platform Trust Technology) and Intel EPID (Enhanced Privacy ID) in systems for illegal copying. Hence, a good Vulnerability Management Tool can resolve these issues.
There is only this much information as Intel has released very few technical details or POC for these CVEs.
CVEs
1.CVE ID: CVE-2021-0157
Description: Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow privileged users to escalate privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
2.CVE ID: CVE-2021-0158
Description: Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
3.CVE ID: CVE-2021-0146
Description: Hardware allows activation of a test or debugs logic at runtime for some Intel(R) processors, which may allow an unauthenticated user to escalate privilege via physical access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Impact of CVE-2021-0157
A malicious user could exploit these flaws to escalate privilege and extract encryption keys and hence sensitive information from a vulnerable machine.
Affected Products
- CVE-2021-1057 & CVE-2021-1058
- Intel® Xeon® Processor E Family
- Intel® Xeon® Processor E3 v6 Family
- Intel® Xeon® Processor W Family
- 3rd Generation Intel® Xeon® Scalable Processors
- 11th Generation Intel® Core™ Processors
- 10th Generation Intel® Core™ Processors
- 7th Generation Intel® Core™ Processors
- Intel® Core™ X-series Processors
- Intel® Celeron® Processor N Series
- Intel® Pentium® Silver Processor Series
- CVE-2021-0146
- Desktop & Mobile
- Intel Pentium Processor J Series, N Series
- Intel Celeron Processor J Series, N Series
- Intel Atom Processor A Series
- Intel Atom Processor E3900 Series
- Intel Pentium Processor Silver Series/ J&N Series?
- Intel Pentium Processor Silver Series/ J&N Series? – Refresh
- Embedded Systems
- Intel Pentium Processor N Series
- Intel Celeron Processor N Series
- Intel Atom Processor E3900 Series
- Intel Atom Processor C3000
- Desktop & Mobile
These chips are widely used in mobile devices, IoT, embedded systems, home appliances, and other equipment.
Solution
Intel has released the security fixes for all the 3 CVEs, including CVE-2021-0157. Mother Board vendors are responsible for further pushing this BIOS update to their customers. Moreover, the problem is that vendors won’t provide BIOS support or security patches in the long term. This results in a bug that will not be fixed anytime soon for the customers who need it.
So a workaround for CVE-2021-0157 and CVE-2021-0158 is to protect the access to BIOS settings with a strong password.
For CVE-2021-0146, the penetration can be detected using SIEM-class systems on successful exploitation. Hence, these systems detect suspicious behavior and stop attackers from advancing within the network.