Lucene search

K
intelIntel Security CenterINTEL:INTEL-SA-00532
HistoryFeb 08, 2022 - 12:00 a.m.

2021.2 IPU - Intel® Processor Breakpoint Control Flow Advisory

2022-02-0800:00:00
Intel Security Center
www.intel.com
15
intel processors
denial of service
firmware updates
security vulnerability
coordinated disclosure
cve-2021-0127
insufficient control flow

EPSS

0

Percentile

12.6%

Summary:

A potential security vulnerability in some Intel® processors that may allow a denial of service. Intel® is releasing firmware updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2021-0127

Description: Insufficient control flow management in some Intel® Processors may allow an authenticated user to potentially enable a denial of service via local access

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H****

Affected Products:

  • 6th Generation Intel® Core™ Processors
  • 7th Generation Intel® Core™ Processor Family
  • 8th Generation Intel® Core™ Processor Family
  • 9th Generation Intel® Core™ Processor Family
  • 10th Generation Intel® Core™ Processor Family
  • Intel® Celeron® Processor G Series
  • Intel® Core™ X-series Processors
  • Intel® Pentium® Gold Processor Series
  • Intel® Xeon® Scalable Processors
  • 2nd Generation Intel® Xeon® Scalable Processors
  • 3rd Generation Intel® Xeon® Scalable Processors
  • Intel® Xeon® Processor W Family
  • Intel® Xeon® Processor E Family
  • Intel® Xeon® Processor E3 v6 Family
  • Intel® Xeon® Processor D Family
  • Intel ® Xeon® Platinum 81xxD
  • Intel® Xeon® Processor E3 v5 Family

Recommendations:

Intel recommends that users of the above listed Intel® Processors update to the latest firmware version provided by the system manufacturer that addresses this issue.__

Acknowledgements:

This issue was found externally.****

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.