A new vulnerability affecting Intel’s Goldmont low-power architecture Processors

More From Author

See more articles

Myntra Upcoming Sales 2025: Your Fashion Calendar for Maximum...

Myntra Upcoming Sales 2025 In the ever-evolving world of fashion e-commerce, Myntra continues to be India's go-to destination...

Dimensity 6020 vs Snapdragon 695: Mid-Range Chipset Battle

Dimensity 6020 vs Snapdragon 695: Qualcomm Snapdragon 695 5G (SD695) is a fast mid-range ARM-based SoC found...

My Jio Recharge Plans as of January 4,...

My Jio Recharge Plans: Since its establishment in 2016, Reliance Jio has made a remarkable impact on...

After AMD listed about 50 vulnerabilities affecting its EPYC CPUs and Radeon GPUs, this time it’s Intel that’s on the news. According to sources, a vulnerability has been revealed in Intel’s Goldmont and Goldmont Plus low-power architectures. This new threat has the potential to reveal low-level security keys.

Reports suggest that the chips which are affected by the vulnerability are Apollo Lake and Gemini Lake plus Refresh Atom, Celeron, and Pentium products. They’re all low-power chips used in embedded systems, mobile devices, and cheap laptops. No to mention that Intel’s Atom E3900 is also found in over 30 cars, including the Tesla Model 3, according to some rumors.

Security firm, Positive Technologies, has discovered this flaw in Intel before going public with the issue, and it has been assigned the reference CVE-2021-0146. This flaw requires physical access to the computer and sees the chip tricked into entering a test debugging mode that has excessively high privileges. After this, it is only a matter of seconds for the root encryption keys to be extracted.

“The bug can also be exploited in targeted attacks across the supply chain,” said Positive’s Mark Ermolov in a statement. “For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME firmware key and deploy spyware that security software would not detect.”

A UEFI BIOS update can plug the security hole, and owners of affected systems are advised to look out for an update from their device’s manufacturer.

source

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

━ Related News

Featured

━ Latest News

Featured