News

Researchers discover flaw in Intel chips that allows password leaks

By admin
Spread the love

Security researchers have discovered a vulnerability in a number of older Intel chips that makes it possible to leak sensitive data from the trusted execution environment. To do this, an attacker needs physical access to a system.

The vulnerability is registered as CVE-2021-0146, and was discovered by security firm Positive Technologies. The vulnerability is found in all Pentium, Celeron and Atom processors in the Apollo Lake and Gemini Lake series. The bug gets a CVSS score of 7.1 because it allows privilege escalation.

Positive Technologies has not released any details about the vulnerability, but does describe how it could be exploited. The bug would allow a debugging mode to be enabled. In this way, information can be leaked from the chips. This would theoretically allow attackers to get the root key from Intel’s Trusted Execution Technology; the environment in which encryption keys and other encrypted data are stored. In that case, it would be possible to bypass drm, but also, for example, to gain access to the entire system.

The company says it has passed on the findings to Intel. That has since implemented patches, but manufacturers still have to send them to users themselves. Dell, HP and Lenovo have already done that.

You might also like
News

Google is serious about ending passwords: ‘passkeys’ are becoming the…

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

ASUS will produce and support NUC mini PCs after Intel exit

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Igor’s Lab shares specs LGA1851 socket Arrow Lake: PCIe 5.0 SSDs and more pins