#VU60450 Improper isolation or compartmentalization


Published: 2022-02-09 | Updated: 2022-07-24

Vulnerability identifier: #VU60450

Vulnerability risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0060

CWE-ID: CWE-653

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel C620A Series Chipset
Hardware solutions / Firmware
Intel C620 Series Chipset
Hardware solutions / Firmware
Intel C240 Series Chipset
Hardware solutions / Firmware
Intel Atom Processor P5000 Series
Hardware solutions / Firmware
Intel C610 Series Chipset
Hardware solutions / Firmware
Intel Xeon Processor D 1500
Hardware solutions / Firmware
Intel C600 Series Chipset
Hardware solutions / Firmware
Intel Xeon D Processor 2000 Series
Hardware solutions / Firmware
Intel Xeon W Processor 1300 Series
Hardware solutions / Firmware
11th Generation Intel Core Processors
Hardware solutions / Firmware
Intel C624D chipset
Hardware solutions / Firmware
Intel Celeron Processor 6000 Series
Hardware solutions / Firmware
Intel Pentium Gold Processor Series
Hardware solutions / Firmware

Vendor:

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to insufficient compartmentalization in HECI subsystem for the Intel(R) SPS. An attacker with physical access to the system can execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions


External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00470.html


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability