SB2022020901 - Multiple vulnerabilities in Intel Chipset Firmware
Published: February 9, 2022 Updated: July 24, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Improper isolation or compartmentalization (CVE-ID: CVE-2021-0060)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient compartmentalization in HECI subsystem for the Intel(R) SPS. An attacker with physical access to the system can execute arbitrary code with elevated privileges.
2) NULL pointer dereference (CVE-ID: CVE-2021-33068)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in subsystem for Intel(R) AMT. A remote user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
3) Improper locking (CVE-ID: CVE-2021-0147)
The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error. An authenticated local user can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.
Remediation
Install update from vendor's website.