Vulnerability CVE-2021-0157

Vulnerability CVE-2021-0157

Published: 2021-11-17

Description:

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Type:

CWE-269

(Improper Privilege Management)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.6/10	6.4/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Intel -> Xeon gold 6328hl
Intel -> Core i5-7440eq
Intel -> Xeon platinum 8352s
Intel -> Core i5-8260u
Intel -> Xeon platinum 8380
Intel -> Core i5-8500t
Intel -> Xeon w-11865mre
Intel -> Core i7-10700te
Intel -> Xeon w-1350p
Intel -> Core i7-11700kf
Intel -> Xeon w-2235
Intel -> Core i7-4820k
Intel -> Xeon w-3323
Intel -> Core i7-7660u
Intel -> Core i7-8557u
Intel -> Celeron n3050
Intel -> Core i7-8850h
Intel -> Celeron n6211
Intel -> Core i9-11900
Intel -> Core i3-10300t
Intel -> Core i9-9920x
Intel -> Core i3-7100t
Intel -> Xeon e-2146g
Intel -> Core i3-8130u
Intel -> Xeon e-2274g
Intel -> Core i5-1035g4
Intel -> Xeon e-2374g
Intel -> Core i5-10600t
Intel -> Xeon e3-1505l v6
Intel -> Core i5-11500he
Intel -> Xeon gold 6330
Intel -> Core i5-7440hq
Intel -> Xeon platinum 8352v
Intel -> Core i5-8265u
Intel -> Xeon platinum 8380h
Intel -> Core i5-8600
Intel -> Xeon w-11955m
Intel -> Core i7-10710u
Intel -> Xeon w-1370
Intel -> Core i7-11700t
Intel -> Xeon w-2245
Intel -> Core i7-4930k
Intel -> Xeon w-3335
Intel -> Core i7-7700
Intel -> Celeron n2805
Intel -> Core i7-8559u
Intel -> Celeron n3060
Intel -> Core i7-9800x
Intel -> Core i3-1000g1
Intel -> Core i9-11900f
Intel -> Core i3-10305
Intel -> Core i9-9940x
Intel -> Core i3-7100u
Intel -> Xeon e-2174g
Intel -> Core i3-8140u
Intel -> Xeon e-2276g
Intel -> Core i5-1035g7
Intel -> Xeon e-2378
Intel -> Core i5-11260h
Intel -> Xeon e3-1505m v6
Intel -> Core i5-11500t
Intel -> Xeon gold 6330h
Intel -> Core i5-7442eq
Intel -> Xeon platinum 8352y
Intel -> Core i5-8269u
Intel -> Xeon platinum 8380hl
Intel -> Core i5-8600k
Intel -> Xeon w-1250
Intel -> Core i7-10750h
Intel -> Xeon w-1370p
Intel -> Core i7-11800h
Intel -> Xeon w-2255
Intel -> Core i7-4930mx
Intel -> Xeon w-3345
Intel -> Core i7-7700hq
Intel -> Celeron n2806
Intel -> Core i7-8565u
Intel -> Celeron n3150
Intel -> Core i9-10850k
Intel -> Core i3-1000g4
Intel -> Core i9-11900h
Intel -> Core i3-10305t
Intel -> Core i9-9960x
Intel -> Core i3-7101e
Intel -> Xeon e-2176g
Intel -> Core i3-8145u
Intel -> Xeon e-2276m
Intel -> Core i5-1038ng7
Intel -> Xeon e-2378g
Intel -> Core i5-11300h
Intel -> Xeon e3-1535m v6
Intel -> Core i5-1155g7
Intel -> Xeon gold 6330n
Intel -> Core i5-7500
Intel -> Xeon platinum 8353h
Intel -> Core i5-8279u
Intel -> Xeon silver 4309y
Intel -> Core i5-8600t
Intel -> Xeon w-1250e
Intel -> Core i7-10810u

References:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00562.html

Vulnerability CVE-2021-0157

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-269

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

4.6/10

6.4/10

3.9/10

Local

Low

No required

Partial

Partial

Partial

Affected software

References: