Certain Intel processors can be slipped into a test mode, granting access to low-level keys that can be used to, say, unlock encrypted data stored in a stolen laptop or some other device.
This vulnerability (CVE-2021-0146), identified by Positive Technologies, a security firm just sanctioned by the US, affects various Intel Atom, Celeron, and Pentium chips that were made in the past few years. It’s one of 25 security holes Intel revealed last week.
The insecure chip hardware permits the “activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access,” Intel explained in an advisory, which rates the bug with a CVSS score of 7.1. Exploitation of the hole does require physical access to the chips, an important caveat to note.
The vulnerable Atom, Celeron, and Pentium chips come from Intel’s Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms, which serve as
Read the article