CVE-2021-0190

Vulnerability

An uncaught exception in the BIOS firmware of certain Intel(R) processors can be exploited by a privileged user. The vulnerability exists in the firmware code that handles specific operations, and it is reachable when a user with local administrative access triggers the exception path. Affected products include various Intel processor families; the full list is provided in the Intel security advisory [1].

Exploitation

To exploit this vulnerability, an attacker must have local access to the system and possess privileged user rights (e.g., root or administrator). The attacker can then trigger the uncaught exception by executing a sequence of operations that cause the firmware to enter an unexpected state. No user interaction beyond the attacker's own actions is required, and the attack does not depend on network access.

Impact

Successful exploitation allows the attacker to escalate privileges within the system. The uncaught exception may lead to arbitrary code execution in the firmware context, potentially bypassing security mechanisms such as Secure Boot or Intel Boot Guard. The attacker could gain elevated privileges that persist across reboots, compromising the integrity of the platform.

Mitigation

Intel has released firmware updates to address this vulnerability. The advisory [1] provides details on the affected processor generations and the specific firmware versions that contain the fix. System administrators should apply the latest BIOS/firmware updates from their system manufacturer. As of the publication date, no workaround is available; updating the firmware is the only mitigation.