Intel BIOS Vulnerabilities – February 2022

Intel has released a security bulletin on 8th February. It lists the 16 vulnerabilities that have been found on the BIOS versions compatible with different Intel processors. Updating the firmware on the affected BIOS versions will resolve the issues reported in the security bulletin.

What Intel processors are affected in the latest February security bulletin?

The following processors are impacted by the newly reported security vulnerabilities by Intel:

  • 2nd Generation Intel® Xeon® Scalable Processor Family
  • Intel® Xeon® Scalable Processor Family
  • Intel® Xeon® Processor W Family
  • Intel® Xeon® Processor E Family
  • Intel® Xeon® Processor D Family
  • 11th Generation Intel® Core™ Processor Family
  • 10th Generation Intel® Core™ Processor Family
  • 9th Generation Intel® Core™ Processor Family
  • 8th Generation Intel® Core™ Processor Family
  • 7th Generation Intel® Core™ Processor Family
  • 6th Generation Intel® Core™ processor Family
  • Intel® Core™ X-series Processor Family
  • Intel® Atom® Processor C3XXX Family.

One of the significant things to note is that the Core family of Intel processors is affected from 6th generation processors to the 11th generation processors.

All these vulnerabilities have a HIGH impact on the systems affected. These vulnerabilities belong to the following vulnerability types:

  • Escalation of Privilege
  • Denial of Service
  • Information Disclosure

What vulnerabilities have been reported by Intel in February 2022 security bulletin?

Intel has shared a list of 16 vulnerabilities. Out of these 16 vulnerabilities, 10 have a high severity for the associated systems and infrastructure. The other 6 have medium or low impact for the systems involved.

We list all the 16 vulnerabilities shared by Intel.

  • CVE-2021-0103-CVSS Score 8.2 – Escalation of Privileges

Description: Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0114-CVSS Score 7.9 – Escalation of Privileges

Description: Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0115-CVSS Score of 7.9 – Buffer Overflow

Description: Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-0116-CVSS Score of 7.9 – Escalation of Privileges

Description: Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0117-CVSS Score of 7.9 – Escalation of Privileges

Description: Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0118-CVSS Score of 7.9 – Escalation of Privileges

Description: Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0099-CVSS Score of 7.8 – Escalation of Privileges

Description: Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0156-CVSS Score of 7.5 – Escalation of Privileges

Description: Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0111-CVSS Score of 7.2 – Escalation of Privileges

Description: NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0107-CVSS Score of 7.2 – Escalation of Privileges

Description: Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-0125-CVSS Score of 6.7 – Escalation of Privileges

Description: Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-0124-CVSS Score of 6.3 – Escalation of Privileges

Description: Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

  • CVE-2021-0119-CVSS Score of 5.8 – Escalation of Privileges

Description: Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

  • CVE-2021-0092 – CVSS Score of 4.7 – Denial of Service

Description: Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.

  • CVE-2021-0091 – CVSS Score of 3.2 – Escalation of Privilege

Description: Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access.

  • CVE-2021-0093 – CVSS Score of 2.4 – Denial of Service

Description: Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.

How do I resolve these vulnerabilities on Intel processors?

BIOS updates or firmware updates are likely to be pushed through the PC manufacturers. You may contact the manufacturer to check the availability of updated firmware to resolve these issues. If you have assembled your own desktop, please contact the motherboard manufacturer to seek a firmware update corresponding to the Intel processor you are using on your computer.

How can I check which processor do I have?

You can check the processor, its make and configuration from the System settings. On your Windows 11 computer, you may:

  • click on Start—> type in System—> Choose the About option to bring up the hardware configuration of your computer. This will include the full processor information.

This will list the Intel processor or any other processor on your computer. If the processor details match with the list of vulnerable Intel processors stated above, look forward to patching the firmware with the latest update to protect against these high-impact vulnerabilities.

You may also like to read the following content related to Intel processors: