Privilege escalation in Intel Trace Hub



| Updated: 2022-05-15
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-33150
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
Intel Celeron N4000 Processors
Hardware solutions / Firmware

Vendor Intel

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU61197

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-33150

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an attacker with physical access to escalate privileges on the system.

The vulnerability exists due to hardware allows activation of test or debug logic at runtime for some Intel Trace Hub instances, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Celeron N4000 Processors: All versions

CPE2.3 External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00609.html


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###