https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html

Skip To Main Content
Intel Home Intel Home
Toggle Navigation

Sign In

Sign In

Username [                    ]
Your username is missing
Password [                    ]
Your password is missing

By signing in, you agree to our Terms of Service.

[Sign In] [ ] Remember me

Forgot your Intel username or password?

Frequently Asked Questions

Do you work for Intel? Sign in here.

Don't have an Intel account? Sign up here for a basic account.

My Intel

My Tools

  * ?

Sign Out
USA (English)

Select Your Region

Asia Pacific

  * Asia Pacific (English)
  * Australia (English)
  * India (English)
  * Indonesia (Bahasa Indonesia)
  * Japan (Ri Ben Yu )
  * Korea (hangugeo)
  * Mainland China (Jian Ti Zhong Wen )
  * Taiwan (Fan Ti Zhong Wen )
  * Thailand (aithy)
  * Vietnam (Tieng Viet)

Europe

  * France (Francais)
  * Germany (Deutsch)
  * Ireland (English)
  * Italy (Italiano)
  * Poland (Polski)
  * Russia (Russkii)
  * Spain (Espanol)
  * Turkey (Turkce)
  * United Kingdom (English)

Latin America

  * Argentina (Espanol)
  * Brazil (Portugues)
  * Chile (Espanol)
  * Colombia (Espanol)
  * Latin America (Espanol)
  * Mexico (Espanol)
  * Peru (Espanol)

Middle East/Africa

  * Israel (`bryt)

North America

  * United States (English)
  * Canada (English)
  * Canada (Francais)

Toggle Search
Search < [                    ]
Top Results

Sign In to access restricted content

Using Intel.com Search

You can easily search the entire Intel.com site in several ways.

  * Brand Name: Core i9
  * Document Number: 123456
  * Code Name: Kaby Lake
  * Special Operators: "Ice Lake", Ice AND Lake, Ice OR Lake, Ice*

Quick Links

You can also try the quick links below to see results for most
popular searches.

  * Download Center
  * Product Specifications
  * Products
  * Support

Recent Searches

Sign In to access restricted content

The browser version you are using is not recommended for this site.
Please consider upgrading to the latest version of your browser by
clicking one of the following links.

  * Safari
  * Chrome
  * Edge
  * Firefox

The latest security information on Intel(r) products.

Intel(r) Processor Advisory

       Intel ID:             INTEL-SA-00528
Advisory Category:       Hardware
Impact of vulnerability: Escalation of Privilege
Severity rating:         HIGH
Original release:        11/09/2021
Last revised:            11/09/2021

Show more Show less View all

Summary: 

A potential security vulnerability in some Intel(r) Processors may
allow escalation of privilege.  Intel is releasing firmware updates
to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2021-0146

Description: Hardware allows activation of test or debug logic at
runtime for some Intel(R) processors which may allow an
unauthenticated user to potentially enable escalation of privilege
via physical access.

CVSS Base Score: 7.1 High

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products:

+------------------------------------------------------------------------------------+
|Segment      |Chipset/SOC or Processor                   |CPU ID      |Platform ID  |
|-------------+-------------------------------------------+------------+-------------|
|Desktop,     |Intel(r) Pentium(r) Processor J Series, N      |            |             |
|Mobile       |Series                                     |            |             |
|             |                                           |506C9       |3            |
|             |Intel(r) Celeron(r) Processor J Series, N      |            |             |
|             |Series                                     |            |             |
|             |                                           |            |             |
|             |Intel(r) Atom(r) Processor A Series            |            |             |
|             |                                           |            |             |
|             |Intel(r) Atom(r) Processor E3900 Series        |            |             |
|-------------+-------------------------------------------+------------+-------------|
|Embedded     |Intel(r) Pentium(r) Processor N Series         |            |             |
|             |                                           |            |             |
|             |Intel(r) Celeron(r) Processor N Series         |506CA       |3            |
|             |                                           |            |             |
|             |Intel(r) Atom(r) Processor E3900 Series        |            |             |
|-------------+-------------------------------------------+------------+-------------|
|Desktop,     |Intel(r) Pentium(r) Processor Silver Series/ J&|706A1       |1            |
|Mobile       |N Series                                   |            |             |
|-------------+-------------------------------------------+------------+-------------|
|Desktop,     |Intel(r) Pentium(r) Processor Silver Series/ J&|706A8       |1            |
|Mobile       |N Series  - Refresh                        |            |             |
|-------------+-------------------------------------------+------------+-------------|
|Embedded     |Intel(r) Atom(r) Processor C3000               |506F1       |1            |
+------------------------------------------------------------------------------------+

 

Recommendations:

Intel recommends that users of affected Intel(r) Processors update to
the latest version provided by the system manufacturer that addresses
these issues.

Acknowledgements:                      

This vulnerability was researched and reported by Mark Ermolov and
Dmitry Sklyarov (Positive Technologies) and Maxim Goryachy
(independent).

Intel would like to thank its employees Chandni Bhowmik and Ilya
Wagner for identifying and developing the Proof of Concept (POC) for
CVE-2021-0146 on Intel(r) Pentium(r) Processor Silver Series/ J&N Series
and Intel(r) Pentium(r) Processor Silver Series/ J&N Series Refresh
Processor Family.

Intel, and nearly the entire technology industry, follows a
disclosure practice called Coordinated Disclosure, under which a
cybersecurity vulnerability is generally publicly disclosed only
after mitigations are available.

Revision History

Revision    Date      Description
1.0      11/09/2021 Initial Release

Show more Show less View all

Legal Notices and Disclaimers

Intel provides these materials as-is, with no express or implied
warranties.

All products, dates, and figures specified are preliminary based on
current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design
defects or errors known as errata, which may cause the product to
deviate from published specifications. Current characterized errata
are available on request.

Intel technologies' features and benefits depend on system
configuration and may require enabled hardware, software or service
activation. Performance varies depending on system configuration. No
computer system can be absolutely secure. Check with your system
manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel
analysis or architecture simulation or modeling, and provided to you
for informational purposes. Any differences in your system hardware,
software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the
United States and other countries.

*Other names and brands may be claimed as the property of others.
Copyright (c) Intel Corporation 2020

Report a Vulnerability

If you have information about a security issue or vulnerability with
an Intel branded product or technology, please send an e-mail to 
secure@intel.com. Encrypt sensitive information using our PGP public
key.

Please provide as much information as possible, including:

  * The products and versions affected
  * Detailed description of the vulnerability
  * Information on known exploits

A member of the Intel Product Security Team will review your e-mail
and contact you to collaborate on resolving the issue. For more
information on how Intel works to resolve security issues, see:

  * Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and
related subdomains), please contact Intel's External Security
Research team.

Need product support?

If you...

  * Have questions about the security features of an Intel product
  * Require technical support
  * Want product updates or patches


Please visit Support & Downloads.

 

 

 

 

 

 

  * Report a Vulnerability
  * Product Support

Get Help

  * Company Information
  * Our Commitment
  * Diversity & Inclusion
  * Communities
  * Investor Relations
  * Contact Us
  * Newsroom
  * Jobs

  *  
  *  
  *  
  *  
  *  

  * (c) Intel Corporation
  * Terms of Use
  * *Trademarks
  * Cookies
  * Privacy
  * Supply Chain Transparency
  * Site Map

Intel technologies may require enabled hardware, software or service
activation. // No product or component can be absolutely secure. //
Your costs and results may vary. // Performance varies by use,
configuration and other factors. // See our complete legal Notices
and Disclaimers. // Intel is committed to respecting human rights and
avoiding complicity in human rights abuses. See Intel's Global Human
Rights Principles. Intel's products and software are intended only to
be used in applications that do not cause or contribute to a
violation of an internationally recognized human right.

Intel Footer Logo
[             <script]