Intel detailed the security flaws of its products in the 29 security advisories. In total, the developer has eliminated 73 security threats; fifteen of them are capable of causing significant damage.

The most dangerous vulnerability (CVE-2021-24489, CVSS 8.8) is caused by errors in the implementation of VT-d technology. This flaw opens up the possibility for privilege escalation via local access. The vulnerability affects 10th and 11th generations of Core processors, Pentium J and N, Celeron N and Atom E3900 series. Users are advised to update the firmware by contacting the OEM.

Four out of eight vulnerabilities found in BIOS firmware (CVE-2020-12357, CVE-2020-8670, CVE-2020-8700 and CVE-2020-12359) were also recognized as dangerous. All of them allow escalation of privileges on the system. Issues affect Xeon and Core processors, and updated firmware versions have already been sent to OEMs.

CVE-2021-0133 can be highlighted among the other high-severity vulnerabilities, this bug is the ability to escalate privileges via network access, identified in the Intel Security Library (SecL) security software. According to the developer's security advisory, this problem was encountered as a result of unfortunate error: key exchange is held without entity authentication. The vulnerability affects all Xeon processors, including Xeon W CPU 3100 and 3200 series. A new build of SecL (3.3.0) can be downloaded from the relevant Intel repository on GitHub.

Source: anti-malware.ru