CVE-2021-0196

Vulnerability

A flaw in the kernel mode driver for some Intel(R) NUC 9 Extreme Laptop Kits before version 2.2.0.20 allows an authenticated user to potentially escalate privileges via local access. The vulnerability is due to improper access control in the kernel mode driver, and it is listed as CVE-2021-0196 in the Intel security advisory INTEL-SA-00553 [1].

Exploitation

Exploitation requires an authenticated user with local access to the system. The attacker must be able to run code on the machine with limited privileges. The vulnerability is triggered by interacting with the kernel mode driver, which fails to enforce proper access controls, potentially allowing the attacker to execute operations reserved for higher privilege levels. No user interaction beyond local access is needed, and the attack complexity is low [1].

Impact

Successful exploitation leads to privilege escalation, allowing the attacker to gain higher privileges on the system. This could result in full compromise of the device, including the ability to execute arbitrary code with kernel-level or system-level privileges, leading to a complete loss of confidentiality, integrity, and availability [1].

Mitigation

Intel has released a firmware update to version 2.2.0.20 or later to address this vulnerability. Users are advised to update their Intel NUC 9 Extreme Laptop Kits to the latest firmware version available from Intel's support site. There are no workarounds mentioned in the advisory; applying the update is the recommended mitigation [1].