Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-0146
HistoryNov 17, 2021 - 12:00 a.m.

CVE-2021-0146

2021-11-1700:00:00
ubuntu.com
ubuntu.com
21
hardware testing
debug logic
intel processors
privilege escalation
physical access

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.9%

Hardware allows activation of test or debug logic at runtime for some
Intelยฎ processors which may allow an unauthenticated user to potentially
enable escalation of privilege via physical access.

Notes

Author Note
alexmurray Updates available in upstream release https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchintel-microcode<ย 3.20220510.0ubuntu0.18.04.1UNKNOWN
ubuntu20.04noarchintel-microcode<ย 3.20220510.0ubuntu0.20.04.1UNKNOWN
ubuntu21.10noarchintel-microcode<ย 3.20220510.0ubuntu0.21.10.1UNKNOWN
ubuntu22.04noarchintel-microcode<ย 3.20220510.0ubuntu0.22.04.1UNKNOWN
ubuntu22.10noarchintel-microcode<ย 3.20220207.1ubuntu1UNKNOWN
ubuntu16.04noarchintel-microcode<ย 3.20220510.0ubuntu0.16.04.1+esm1UNKNOWN

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.9%