Intel BSSA DFT initialization [CVE-2021-0144]

A potential security vulnerability in the customer build time configuration for the Intel BIOS Shared SW Architecture (BSSA) Design for Test (DFT) feature may allow escalation of privilege.  Intel is releasing detailed guidance to address this potential vulnerability.

Description:

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-ID CVE-2021-0144
Impact of vulnerability: Escalation of Privilege
CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity rating: Critical
Risk Score 7.5
Remote Access  Required 

Affected Products:

  • 2nd Generation Intel® Xeon® Scalable Processors
  • Intel® Xeon® Scalable Processors
  • Intel® Core™ X-series Processors
  • Intel® Xeon® Processor W Family
  • Intel® Xeon® Processor D Family
  • Intel® Xeon® Processor E5 v4 Family
  • Intel® Xeon® Processor E5 v3 Family

Mitigation:

Intel recommends that users of the potentially affected products update to the latest BIOS firmware version provided by the system manufacturer that addresses these issues.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-1783 : TOTOLINK LR1200GB 9.1.0U.6619_B20230130/9.3.5U.6698_B20230810 WEB INTERFACE /CGI-BIN/CSTECGI.CGI LOGINAUTH HTTP_HOST STACK-BASED OVERFLOW

CVE-2024-1783 : TOTOLINK LR1200GB 9.1.0U.6619_B20230130/9.3.5U.6698_B20230810 WEB INTERFACE /CGI-BIN/CSTECGI.CGI LOGINAUTH HTTP_HOST STACK-BASED OVERFLOW

Description A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the

CVE-2024-1451 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.9.0 USER PROFILE PAGE CROSS SITE SCRIPTING

CVE-2024-1451 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.9.0 USER PROFILE PAGE CROSS SITE SCRIPTING

Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload

CVE-2023-52439 : LINUX KERNEL UP TO 6.7.0 UIO IDR_FIND USE AFTER FREE

CVE-2023-52439 : LINUX KERNEL UP TO 6.7.0 UIO IDR_FIND USE AFTER FREE

Description In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ——————————————————- uio_unregister_device