Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Intel

High Severity BIOS Flaws Affect Numerous Intel Processors (bleepingcomputer.com) 43

Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device. BleepingComputer reports: The flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high). The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component. These vulnerabilities could lead to escalation of privilege on the machine, but only if the attacker had physical access to vulnerable devices.

Intel hasn't shared many technical details around these two flaws, but they advise users to patch the vulnerabilities by applying the available BIOS updates. This is particularly problematic because motherboard vendors do not release BIOS updates often and don't support their products with security updates for long. Considering that 7th gen Intel Core processors came out five years ago, it's doubtful that MB vendors are still releasing security BIOS updates for them. As such, some users will be left with no practical way to fix the above flaws. In these cases, we would suggest that you set up a strong password for accessing the BIOS settings.
Intel also released a separate advisory for a high-severity elevation of privilege flaw (CVE-2021-0146) that affects several car models that use the Intel Atom E3900. "Intel has released a firmware update to mitigate this flaw, and users will get it through patches supplied by the system manufacturer," the report says.
This discussion has been archived. No new comments can be posted.

High Severity BIOS Flaws Affect Numerous Intel Processors

Comments Filter:
  • In a blob universe, a binary blob is fixed by another binary blob.

    That would be fun to exploit this one, and reflash the BIOS from a compromised OS, which can reflash the BIOS chip with the flashrom tool.

    Intel has not learned from the debacle they had years ago.

    Normal they think their binary blobs are not the problem.

    • At least the issue requires physical access by the attacker and that would make it harder to implement for an outside attacker.

      If you want to execute it on your own machine it's just your problem, not the problem for anyone else.

    • Intel: "Just press update and hope you got the right one!"

      We're living the future of Trusted Computing.

      My desktop has AMD, of course. My laptop I guard physical access with physical security.

      "No, check your email at the library. I don't care what time or day they're open!"

    • by dfghjk ( 711126 )

      As this were some sort of insight. Considering that the a "blob" in this context is software for which you do not have source code, in the "you don't have source code" universe, software for which you do not have source code is fixed by other software for which you don't have source code. Duh.

      Also, BIOS is not a "blob" nor is a BIOS update. A "blob" is a binary payload which software loads and executes.

      "Intel has not learned from the debacle they had years ago."

      Because they are unrelated problems that wou

  • by at10u8 ( 179705 ) on Monday November 15, 2021 @08:51PM (#61992023)
    Last week I did Linux installs onto some new Intel boxes. The BIOS required that I repeatedly use the password to assert that "Yes, I really do want you to boot from the USB media." I already had physical access to the machine, and I could have used the jumpers to reset the BIOS password. I am not seeing why it is quite so important to protect the machine from someone who can disassemble its parts.
    • by gweihir ( 88907 )

      It is security theater, i.e. trying to give a false impression that everything is well secured to not-so-smart users.

    • by drkshadow ( 6277460 ) on Monday November 15, 2021 @10:59PM (#61992301)

      TPM.

      Boot to untrusted media in a trusted manner, read from TPM, decrypt disk.

      If you don't allow boot-from-USB without a password but reset the password with jumpers, you break the TPM. No decrypt the disk for you.

    • I am not seeing why it is quite so important to protect the machine from someone who can disassemble its parts.

      It's simple. Somebody told them that you have to compromise between ease of use and security. And they wanted it really secure. So they made it as inconvenient as possible. Done!

    • by tlhIngan ( 30335 )

      Last week I did Linux installs onto some new Intel boxes. The BIOS required that I repeatedly use the password to assert that "Yes, I really do want you to boot from the USB media." I already had physical access to the machine, and I could have used the jumpers to reset the BIOS password. I am not seeing why it is quite so important to protect the machine from someone who can disassemble its parts.

      It may not be simple. The BIOS may need the password to unlock the TPM so the disk encryption key is accessible

      • by jabuzz ( 182671 )

        Er no I just last month had a machine that is 4 years old fail to boot on a power cut because the CMOS battery was dead and the boot settings where scrambled.

    • The idea is that this kind of attack - _for now_ - is only workable with physical access.
      However, this has penetrated one of the security circles that protect the computer.
      As such, the security is weaker, and a different hole in another component (like, for example, a remote management module accessible via Ethernet or even WiFi) could allow an attacker to move all the way through.

      The problem with this is:
      Sometime in the past (2000? 2005?) more than 60% of successful attacks against IT were done by employee

    • You could put a lock on the case to stop someone reaching the jumpers - or even lock the whole base unit in a secure enclosure. Plus if there's staff about they would most likely say something about someone dismantling a PC, while plugging in a USB stick and pressing keys are normal things to do while using a computer.

    • I already had physical access to the machine, and I could have used the jumpers to reset the BIOS password. I am not seeing why it is quite so important to protect the machine from someone who can disassemble its parts.

      But can you disassemble its parts? Security is not on or off, it's not black or white. Walking past a keyboard is one thing. Being presented with a password prompt dramatically increases the time it takes for you to do something, and your ability to trigger people around you into questioning your motives.

      You can walk passed an unsecured office PC and slip a USB stick in and do something without raising too much suspicion. Now try opening said PC right there at the desk. Not only does it take longer but your

    • by dfghjk ( 711126 )

      Because the people they sell the computers to cannot disassemble the parts and they can't either.

      Having worked in the PC manufacturing industry, I can assure you that very few people in management care about anything other than the checkboxes.

  • trying to stop Skynet from ever launching....

  • by jddj ( 1085169 ) on Monday November 15, 2021 @08:59PM (#61992041) Journal

    Just download the image and write it to a floppy, then boot from that.

    Oh.

    • by sinij ( 911942 )
      I just finished building X570 based PC. The technology moved on a lot since bad old day having to do what you describe, you can now access file system from within BIOS and/or mount new devices. Patching BIOS is not at all hard in 2021.
    • Newegg has USB floppy drives for under $20.

      • by Chaset ( 552418 )

        The trick is getting good quality floppy disks. It seems all of the "good" manufacturers of the disks dropped out of the market ages ago. Some of the names on the labels may be the same, but they're all cheap junk cranked out at the lowest cost possible that maybe works once or twice before crapping out.

  • reading the above summary I get the impression it's now in the intel processors.
    if this is the case maybe they need to move it to the GPU and let the AI running on the GPU fix it. Isn't AI supposed to fix everything?

    On a serious note, I have noticed an increase in tech fails over the years. and even the following (next) article on slashdot is about some DDR4 memory issue (haven't read it yet.)

  • The only Intel systems I have is two laptops from employers. I did throw out their substandard expensive crap in favor of AMD about a decade ago.

  • I have a 7th gen chip plugging away in a FreeNAS box. The MB manufacturer (ASUS) has a beta BIOS upgrade to allow the MB to work nicely with Windows 11. I expect the final BIOS upgrade will incorporate a fix for this escalation. [In case you're interested - the MB is a B250 mining expert, which spent one year trying to mine before being repurposed.]

  • Bleepers recommend to set a strong password.

    I recommend to recycle the thing and buy AMD.

  • AMD on the desktop, Apple Silicon on the laptop...
    • Apple silicon are the only CPUs proven to be just as buggy and insecure as Intel. If you want to avoid Intel for security concerns Apple is the last place you want to go.

  • Why 7th, 10th, & 11th generation Intel CPUs are vulnerable, but not 8th & 9th gen Intel CPUs? (Those don't appear to be listed.)

  • I love finding systems such as this that allow you to perform side channel attacks. Systems similar to this have been extremely valuable in cracking many protection systems.

"If value corrupts then absolute value corrupts absolutely."

Working...