CVE-2021-0146

high-risk

Published 2021-11-17

Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Do I need to act?

0.25% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium

PHYSICAL / LOW complexity

Affected Products (20)

Pentium J6426 Firmware

Pentium J4205 Firmware

Pentium J3710 Firmware

Pentium J2900 Firmware

Pentium J2850 Firmware

Celeron J6412 Firmware

Celeron J6413 Firmware

Celeron J4125 Firmware

Celeron J4025 Firmware

Celeron J3355E Firmware

Celeron J3455E Firmware

Celeron J4105 Firmware

Celeron J4005 Firmware

Celeron J3455 Firmware

Celeron J3355 Firmware

Celeron J3160 Firmware

Celeron J3060 Firmware

Celeron J1800 Firmware

Celeron J1900 Firmware

Celeron J1850 Firmware

Affected Vendors

Intel

References (4)

Third Party Advisory https://security.netapp.com/advisory/ntap-20211210-0006/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528....

Third Party Advisory https://security.netapp.com/advisory/ntap-20211210-0006/

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528....

/ 100

high-risk

Severity 22/34 · High

Exploitability 1/34 · Minimal

Exposure 28/34 · Critical