Intel has discovered a host of serious firmware vulnerabilities

News
By Sead Fadilpašić
published

Flaws could allow for DoS attacks and privilege escalation

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Intel says it has discovered 16 new BIOS vulnerabilities that could allow cybercriminals to circumvent cybersecurity solutions in the operating system and access sensitive data. Furthemore, it would allow them to launch Denial of Service, as well as Privilege Escalation attacks on the local endpoint.

These flaws lead back to a wide variety of bugs found in the BIOS firmware, such as insufficient control flow management, out-of-bounds write problems, buffer overflow, improper input validation, pointer issues, default permissions, or access control issues. 

According to the company’s security bulletin, models from the 6th to the 11th-Gen Core processors are affected, as well as Xeon products from the W, E and D series.

Physical access needed

Of the 16 vulnerabilities found, 10 have been described as “high severity”, three are “medium” severity, and one is “low” severity. 

The good news about all of these flaws is that they require physical access to the device in order to be leveraged. While that’s good news for businesses that hold their endpoints in a secure location, it could spell trouble for professionals with business laptops or mobile workstations

The best way to go about these bugs is to “update to the latest versions provided by the system manufacturer that addresses these issues”, Intel says, without saying if the updates are yet available or not. As far as we know, Intel will be releasing firmware updates to mitigate these flaws, but no concrete roadmap is yet published.

Read more

> This dangerous Intel CPU vulnerability could allow attackers to break into your laptop

> Intel claims its CPUs have fewer new security bugs than AMD

> Intel, Lenovo and more hit by major BIOS security flaws

Here is the full list of the affected products:

  • 2nd Generation Intel® Xeon® Scalable Processor Family
  • Intel® Xeon® Scalable Processor Family
  • Intel® Xeon® Processor W Family
  • Intel® Xeon® Processor E Family
  • Intel® Xeon® Processor D Family
  • 11th Generation Intel® Core™ Processor Family
  • 10th Generation Intel® Core™ Processor Family
  • 9th Generation Intel® Core™ Processor Family
  • 8th Generation Intel® Core™ Processor Family
  • 7th Generation Intel® Core™ Processor Family
  • 6th Generation Intel® Core™ processor Family
  • Intel® Core™ X-series Processor Family
  • Intel® Atom® Processor C3XXX Family

Via: Tom's Hardware

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.