A couple of days ago, Intel updated its security advisory to include two new Local Escalation of Privilege (LPE) bugs that it was made aware of by security researchers. The first bug has been assigned the ID "CVE-2021-0157", and is presumably the more dangerous one since it affects some of the more common CPU families. However, fortunately for Intel, the latest Alder Lake-S family of processors is not vulnerable. The list of affected CPU families are:
Intel® Xeon® Processor E Family
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor W Family
3rd Generation Intel® Xeon® Scalable Processors
11th Generation Intel® Core™ Processors
10th Generation Intel® Core™ Processors
7th Generation Intel® Core™ Processors
Intel® Core™ X-series Processors
Intel® Celeron® Processor N Series
Intel® Pentium® Silver Processor Series
The second bug with ID "CVE-2021-0146" seems to affect lower-end CPUs like the Pentium and Celeron with the following CPU IDs. Embedded SOCs are also affected and have been classified separately.
CPU IDs:
- Desktop/Mobile :
- 506C9
- 706A1
- 706A8
- Embedded:
- 506CA
- 506F1
Desktop/Mobile (ID 506C9) :
Intel® Pentium® Processor J Series, N Series
Intel® Celeron® Processor J Series, N Series
Intel® Atom® Processor A Series
Intel® Atom® Processor E3900 Series
Desktop/Mobile (ID 706A1):
- Intel® Pentium® Processor Silver Series/ J&N Series
Desktop/Mobile (ID 706A8):
Intel® Pentium® Processor Silver Series/ J&N Series - Refresh
Embedded (ID 506CA):
Intel® Pentium® Processor N Series
Intel® Celeron® Processor N Series
Intel® Atom® Processor E3900 Series
Embedded (ID 506F1):
Intel® Atom® Processor C3000
As far as recommendations, Intel has advised users to update the systems' BIOS to the firmware version that patches the issue. Hence, users should be on the lookout for when their OEMs or motherboard vendors release the patched firmware.
17 Comments - Add comment