Key Information

Intel ID: INTEL-SA-00562
Advisory Category: Firmware
Impact of Vulnerability: Escalation of Privilege
Severity: High
Release Dates:
- Original release: 11/09/2021
- Last revised: 12/16/2021

Summary

Description: Potential security vulnerabilities in the BIOS reference code for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details

CVEID: CVE-2021-0157
- Description: Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- CVSS Base Score: 8.2 High
- CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2021-0158
- Description: Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- CVSS Base Score: 8.2 High
- CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products

- Intel® Xeon® Processor E Family
- Intel® Xeon® Processor E3 v6 Family
- Intel® Xeon® Processor W Family
- 11th Generation Intel® Core™ Processors
- 10th Generation Intel® Core™ Processors
- 8th Generation Intel® Core™ Processors
- 7th Generation Intel® Core™ Processors
- Intel Atom® Processor P5000 Family
- Intel® Core™ X-series Processors
- Intel® Celeron® Processor N Series
- Intel® Pentium® Silver Processor Series

Recommendations

Intel recommends that users of affected Intel® Processors update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements

Intel would like to thank Itai Liba and Assaf Carlsbad from SentinelOne for reporting these issues.