Intel Security Center, INTEL:INTEL-SA-00525
History: Jul 13, 2021 - 12:00 a.m.

Intel BSSA DFT Advisory

2021-07-13 00:00:00
Intel Security Center
www.intel.com
EPSS: 0.0004 (Low), Percentile: 12.7%

Summary:

A potential security vulnerability in the customer build time configuration for the Intel BIOS Shared SW Architecture (BSSA) Design for Test (DFT) feature may allow escalation of privilege. Intel is releasing detailed guidance to address this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2021-0144

Description: Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

  • 2nd Generation Intel® Xeon® Scalable Processors
  • Intel® Xeon® Scalable Processors
  • Intel® Core™ X-series Processors
  • Intel® Xeon® Processor W Family
  • Intel® Xeon® Processor D Family
  • Intel® Xeon® Processor E5 v4 Family
  • Intel® Xeon® Processor E5 v3 Family

Recommendation:

Intel recommends that users of the potentially affected products update to the latest BIOS firmware version provided by the system manufacturer that addresses these issues.

Acknowledgements:

Intel would like to thank Alexander Tereshkin, Alexander Matrosov and Adam ‘pi3’ Zabrocki of NVIDIA Product Security Team for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.