A potential security vulnerability in the customer build time configuration for the Intel BIOS Shared SW Architecture (BSSA) Design for Test (DFT) feature may allow escalation of privilege. Intel is releasing detailed guidance to address this potential vulnerability.
Description:
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.
| CVE-ID | CVE-2021-0144 |
|---|---|
| Impact of vulnerability: | Escalation of Privilege |
| CVSS Vector: | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Severity rating: | Critical |
| Risk Score | 7.5 |
| Remote Access | Required |
Affected Products:
- 2nd Generation Intel® Xeon® Scalable Processors
- Intel® Xeon® Scalable Processors
- Intel® Core™ X-series Processors
- Intel® Xeon® Processor W Family
- Intel® Xeon® Processor D Family
- Intel® Xeon® Processor E5 v4 Family
- Intel® Xeon® Processor E5 v3 Family
Mitigation:
Intel recommends that users of the potentially affected products update to the latest BIOS firmware version provided by the system manufacturer that addresses these issues.
