Multiple vulnerabilities in Intel Chipset Firmware

1) Improper isolation or compartmentalization

EUVDB-ID: #VU60450

Risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0060

CWE-ID: CWE-653 - Improper isolation or compartmentalization

Exploit availability: No

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to insufficient compartmentalization in HECI subsystem for the Intel(R) SPS. An attacker with physical access to the system can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel C620A Series Chipset: before SPS_E5_04.04.04.033.0

Intel C620 Series Chipset: before SPS_E5_04.01.04.516.0

Intel C240 Series Chipset: before SPS_E3_05.01.04.309.0

Intel Atom Processor P5000 Series: before SPS_SoC-A_05.00.03.114.0

Intel C610 Series Chipset: before SPS_PHI_03.01.03.078.0

Intel Xeon Processor D 1500: before SPS_SoC-X_03.00.03.117.0

Intel C600 Series Chipset: before SPS_02.04.00.101.0

Intel Xeon D Processor 2000 Series: before SPS_SoC-X_04.00.04.326.0

Intel Xeon W Processor 1300 Series: before 15.0.35

11th Generation Intel Core Processors: before 15.0.35

Intel C624D chipset: before ADAS_ME_ANL_01.00.05.004.0

Intel Celeron Processor 6000 Series: before 15.0.35

Intel Pentium Gold Processor Series: before 15.0.35

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00470.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU60451

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33068

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in subsystem for Intel(R) AMT. A remote user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMT SDK: before 15.0.35

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00470.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU60452

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0147

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to double-locking error. An authenticated local user can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Power Management Controller (PMC): before pmc_fw_lbg_c1-21ww02a

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00470.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.