How to Fix CVE-2021-0146- A High Severity Privilege Escalation Vulnerability In Intel Chips?

Security researchers from Positive Technologies (PT) have disclosed a high severity Privilege Escalation vulnerability (CVE-2021-0146) which allows attackers to read encryption keys. We have created this post to let you know which versions of Intel processors are vulnerable to this flaw and how you can fix CVE-2021-0146, a high severity Privilege Escalation vulnerability.

Summary of CVE-2021-0146:

The vulnerability is rated 7.1 as per the CVSS v3.

CVSS v3 Base Score7.1
DescriptionHardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Access VectorPhysical
Access ComplexityHigh
Privileges RequiredNone
User InteractionNone
Confidentiality ImpactHigh
Integrity ImpactHigh
Availability ImpactHigh
CVSSv3 Version3.1

Intel Processors Affected By CVE-2021-0146A Privilege Escalation Vulnerability

The vulnerability mainly affects the J and N series of Pentium and Celeron Processors. Specially, CPU IDs 506C9, 506CA, 706A1, 706A8, and 506F1.

These chips are used to power laptops, mobile devices, embedded systems, medical devices, and a variety of internet of things (IoT).

egmentChipset/SOC or ProcessorCPU IDPlatform ID
Desktop, MobileIntel® Pentium® Processor J Series, N Series
Intel® Celeron® Processor J Series, N Series
Intel® Atom® Processor A Series
Intel® Atom® Processor E3900 Series
EmbeddedIntel® Pentium® Processor N Series
Intel® Celeron® Processor N Series
Intel® Atom® Processor E3900 Series
Desktop, MobileIntel® Pentium® Processor Silver Series/ J&N Series706A11
Desktop, MobileIntel® Pentium® Processor Silver Series/ J&N Series – Refresh706A81
EmbeddedIntel® Atom® Processor C3000506F11

How This Intel CVE-2021-0146A Privilege Escalation Vulnerability Impacts On End Users?

There are severe negative implications if we list. Since it’s a local privilege escalation vulnerability, attackers may need physical access to abuse the flaw. This vulnerability allows an attacker to extract a device’s encryption key from a stolen laptop and gain access to the encrypted data on the laptop.

See also  Streamlining Security Operations with SOAR

Attackers can use this vulnerability to decrypt digital content protected by Intel’s Platform Trust Technology and Enhanced Privacy ID (EPID) technologies by extracting the root EPID encryption key. This allows adversaries to frame a supply chain attack.

How To Fix CVE-2021-0146- A Local Privilege Escalation Vulnerability In Intel Chips?

To address this vulnerability, Intel has published a security advisory that recommends that users of affected Intel® Processors upgrade their BIOS (provided by the system manufacturer) to the latest version. Please contact the device vendors for more support.

For instance, Dell has published that it has fixed these three vulnerabilities in its new BIOS release in its November security update.

Leave a Reply

Your email address will not be published. Required fields are marked *