Bug 2023586 (CVE-2021-0157) - CVE-2021-0157 kernel: insufficient control flow management in the BIOS firmware
Summary: CVE-2021-0157 kernel: insufficient control flow management in the BIOS firmware
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2021-0157
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2023587
Blocks: 2023585
TreeView+ depends on / blocked
 
Reported: 2021-11-16 05:45 UTC by Dhananjay Arunesh
Modified: 2021-11-29 08:09 UTC (History)
43 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-11-29 08:09:19 UTC
Embargoed:

Attachments (Terms of Use)

Description Dhananjay Arunesh 2021-11-16 05:45:23 UTC 
A vulnerability was reported in the BIOS firmware for some Intel(R) Processors due to insufficient control flow management. In this flaw, a user with local access may cause the device to elevate privileges.

References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00562.html
Comment 1 Dhananjay Arunesh 2021-11-16 05:46:05 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2023587]
Comment 2 Justin M. Forbes 2021-11-17 14:24:14 UTC 
This appears to be something that intel is fixing in firmware, is there a kernel aspect to this that I am missing?
Comment 5 Rohit Keshri 2021-11-25 19:05:48 UTC 
In reply to comment #2:
> This appears to be something that intel is fixing in firmware, is there a
> kernel aspect to this that I am missing?

Intel is fixing this with a firmware upgrade, there will be no workarounds or OS fixes for these issues. RHEL is marked not affected.
Comment 6 Product Security DevOps Team 2021-11-29 08:09:15 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-0157
Note You need to log in before you can comment on or make changes to this bug.