#VU60450 Improper isolation or compartmentalization in Intel products - CVE-2021-0060

Cybersecurity Help s.r.o.

Published: 2022-02-09 | Updated: 2022-07-24

Vulnerability identifier: #VU60450

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-0060

CWE-ID: CWE-653

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel C620A Series Chipset
Hardware solutions / Firmware
Intel C620 Series Chipset
Hardware solutions / Firmware
Intel C240 Series Chipset
Hardware solutions / Firmware
Intel Atom Processor P5000 Series
Hardware solutions / Firmware
Intel C610 Series Chipset
Hardware solutions / Firmware
Intel Xeon Processor D 1500
Hardware solutions / Firmware
Intel C600 Series Chipset
Hardware solutions / Firmware
Intel Xeon D Processor 2000 Series
Hardware solutions / Firmware
Intel Xeon W Processor 1300 Series
Hardware solutions / Firmware
11th Generation Intel Core Processors
Hardware solutions / Firmware
Intel C624D chipset
Hardware solutions / Firmware
Intel Celeron Processor 6000 Series
Hardware solutions / Firmware
Intel Pentium Gold Processor Series
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to insufficient compartmentalization in HECI subsystem for the Intel(R) SPS. An attacker with physical access to the system can execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel C620A Series Chipset: before SPS_E5_04.04.03.281.0

Intel C620 Series Chipset: before SPS_E5_04.01.04.516.0

Intel C240 Series Chipset: before SPS_E3_05.01.04.309.0

Intel Atom Processor P5000 Series: before SPS_SoC-A_05.00.03.114.0

Intel C610 Series Chipset: before SPS_PHI_03.01.03.078.0

Intel Xeon Processor D 1500: before SPS_SoC-X_03.00.03.117.0

Intel C600 Series Chipset: before SPS_02.04.00.101.0

Intel Xeon D Processor 2000 Series: before SPS_SoC-X_04.00.04.326.0

Intel Xeon W Processor 1300 Series: before 15.0.35

11th Generation Intel Core Processors: before 15.0.35

Intel C624D chipset: before ADAS_ME_ANL_01.00.05.004.0

Intel Celeron Processor 6000 Series: before 15.0.35

Intel Pentium Gold Processor Series: before 15.0.35

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00470.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnetabilities in Dell EMC Integrated Data Protection Appliance

Multiple vulnerabilities in Dell Networking Products for Intel

Multiple vulnerabilities in Dell Networking BIOS drivers

Multiple vulnerabilities in Dell Integrated System for Microsoft Azure Stack Hub

Multiple vulnerabilities in Dell VxRail

Multiple vulnerabilities in Intel Chipset Firmware