High-Severity Intel Processor Bug Exposes Encryption Keys

CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files.

A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content.

That’s according to Positive Technologies (PT), which found that the vulnerability (CVE-2021-0146) is a debugging functionality with excessive privileges, which is not protected as it should be.

The high-severity privilege-escalation issue is rated 7.1 out of 10 on the CVSS vulnerability-severity scale.

Register now for our LIVE event!

“[The] hardware allows activation of test or debug logic at runtime for some Intel processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access,” according to Intel’s advisory, issued last week.

In terms of scope, the vulnerability affects the Pentium, Celeron and Atom processors of the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms. These chips power laptops, mobile devices, embedded systems, medical devices and a variety of internet of things (IoT) offerings.

“According to a study by Mordor Intelligence, Intel ranks fourth in the IoT chip market, while its Intel Atom

Read More: https://threatpost.com/intel-processor-bug-encryption-keys/176355/