#VU63176 Use of Out-of-range Pointer Offset in Intel Hardware solutions


Published: 2022-05-16

Vulnerability identifier: #VU63176

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-0189

CWE-ID: CWE-823

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
2nd Generation Intel Xeon Scalable Processors
Hardware solutions / Firmware
Intel Xeon Processor E Family
Hardware solutions / Firmware
Intel Xeon Processor E3 v6 Family
Hardware solutions / Firmware
Intel Xeon Processor E3 v5 Family
Hardware solutions / Firmware
Intel Xeon Processor E7 v4 Family
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to use of out-of-range pointer offset in the BIOS firmware. A local user can execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

2nd Generation Intel Xeon Scalable Processors: All versions

Intel Xeon Processor E Family: All versions

Intel Xeon Processor E3 v6 Family: All versions

Intel Xeon Processor E3 v5 Family: All versions

Intel Xeon Processor E7 v4 Family: All versions

CPE

External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell VxFlex ReadyNode and Dell VxFlex ESXi
Multiple vulnerabilities in Dell Integrated System for Microsoft Azure Stack Hub
Multiple vulnerabilities in Dell PowerEdge BIOS
Multiple vulnerabilities in Dell products
Multiple vulnerabilities in Intel processors