CVE-2021-0144

CWE-11884 documents4 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 69.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Core I5 Intel Core I7 Intel Core I9 +27 more

Timeline

PublishedJul 14

Latest updateMay 24

Description

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages31 packages

▶CVEListV5intel_bssa_dftrsSee references

▶NVDintel/core_i562 versions+61

▶NVDintel/core_i7102 versions+101

▶NVDintel/core_i96 versions+5

▶NVDintel/xeon_e345 versions+44

🔴Vulnerability Details

GHSA

GHSA-q9f9-4gv4-x42q: Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege v↗2022-05-24

▶

CVEList

CVE-2021-0144: Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege v↗2021-07-14

▶

📋Vendor Advisories

Red Hat

kernel: hw: Insecure default variable initialization for the Intel BSSA DFT feature↗2021-07-13

▶