author: Dawid Wanat
Intel CPUs With New Security Vulnerabilities
The most recently detected security vulnerabilities was found in AMD processors. It turns out, however, that also some Intel units also have significant problems.
Intel already has a rich history when it comes to security gaps or data leaks. The origins of the chip's security problems date back to 2018, when vulnerabilities named Meltdown, Spectre and Spectre-NG (Spectre Next Generation) were discovered. In the past, the processor giant also faced exploits like Zombieload, Fallout and RIDL. Recently, the hardware engaged in a battle against another threat.
According to Positive Technologies, the vulnerability marked as CVE-2021-0146 could potentially expose low-level security keys. It opens access to debugging functions, resulting in untrusted users that have physical access to the computer acquiring extended privileges. The issue affects Goldmont and Goldmont Plus microarchitecture processors. These include chips from the Pentium, Celeron and Atom series of Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms. They can be found in laptops, mobile devices, embedded systems and medical devices. Intel Atom E3900 processors are used by automakers in, for example, Tesla Model 3.
One of the threats stemming from the presence of this exploit is the ability to extract encrypted, confidential information from lost or stolen laptops. The vulnerability will also allow for cracking security of e-books. Using the example of Amazon, which uses an Intel EPID-based system, it enables the user to extract the EPID master encryption key of a device, which is supposed to lead to cracking this security. As a result, the user could gain access to files from vendors.
Fortunately, the vulnerability should be patched with a UEFI or BIOS update. Owners of affected CPUs should regularly visit their hardware manufacturers' websites and update their software after the patch comes out.