#VU60450 Improper isolation or compartmentalization in Intel products - CVE-2021-0060
Published: February 9, 2022 / Updated: July 24, 2022
Vulnerability identifier: #VU60450
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-0060
CWE-ID: CWE-653
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel C620A Series Chipset
Intel C620 Series Chipset
Intel C240 Series Chipset
Intel Atom Processor P5000 Series
Intel C610 Series Chipset
Intel Xeon Processor D 1500
Intel C600 Series Chipset
Intel Xeon D Processor 2000 Series
Intel Xeon W Processor 1300 Series
11th Generation Intel Core Processors
Intel C624D chipset
Intel Celeron Processor 6000 Series
Intel Pentium Gold Processor Series
Intel C620A Series Chipset
Intel C620 Series Chipset
Intel C240 Series Chipset
Intel Atom Processor P5000 Series
Intel C610 Series Chipset
Intel Xeon Processor D 1500
Intel C600 Series Chipset
Intel Xeon D Processor 2000 Series
Intel Xeon W Processor 1300 Series
11th Generation Intel Core Processors
Intel C624D chipset
Intel Celeron Processor 6000 Series
Intel Pentium Gold Processor Series
Software vendor:
Intel
Intel
Description
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient compartmentalization in HECI subsystem for the Intel(R) SPS. An attacker with physical access to the system can execute arbitrary code with elevated privileges.
Remediation
Install updates from vendor's website.