This dangerous Intel CPU vulnerability could allow attackers to break into your laptop

News
By published

Bug affects wide range of popular Intel processors

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Intel has disclosed a high-severity elevation of privilege vulnerability that affects a wide range of processor families made in the past few years.

The flaw, tracked as CVE-2021-0146 was discovered by Positive Technologies. It stems from an overprivileged debugging system that’s insufficiently protected, and can be exploited by attackers to access encrypted files.

According to Positive Technologies, the vulnerability affects the Pentium, Celeron and Atom processors of the Apollo Lake, Gemini Lake and Gemini Lake Refresh platforms, which are popularly used in mobile devices, embedded systems, and Internet of Things (IoT) devices, such as smart home appliances, medical equipment, and smart cars.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

High severity vulnerability

Citing an example of a real world threat, Mark Ermolov, the cybersecurity researcher who discovered the bug, says attackers can use the vulnerability to extract the encryption key and access confidential encrypted information from a lost or stolen laptop.

“The bug can also be exploited in targeted attacks across the supply chain. For example, an employee of an Intel processor-based device supplier could, in theory, extract the Intel CSME [Converged Security and Management Engine] firmware key and deploy spyware that security software would not detect,” adds Ermolov.

Furthermore, the severity of the vulnerability can be assessed from the fact that it can also facilitate the extraction of the root encryption key used in Intel Platform Trust Technology (PTT) and Intel Enhanced Privacy ID (EPID) technologies. 

Ermolov says several Amazon e-book models use Intel EPID-based protection for digital rights management (DRM), and the bug can enable attackers to break into the devices and download DRM-protected content. 

The good news is that Intel has released a firmware update to mitigate this flaw, and the researchers suggest users immediately install the UEFI BIOS updates published by the manufacturers of their affected devices.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
AMD logo
AMD patches high severity security flaw affecting Zen chips
An abstract image of a lock against a digital background, denoting cybersecurity.
Apple CPU security issue could let hackers steal user data from browsers
AMD Ryzen 5 7600X processor
AMD confirms processor security flaws after Asus patch slips out early
Security
Intel slams Nvidia and AMD, claims chip giants have huge numbers of security flaws
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
New UEFI Secure Boot flaw exposes systems to bootkits
Latest in Security
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
NordProtect logo
Standalone identity theft protection from Nord Security is now available
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
Ofcom cracks down on UK tech firms, will issue sanctions for illegal content
Latest in News
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Frank Grimes confronts Homer Simpson in The Simpsons&#039; Homer&#039;s Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
Foldable iPhone
Apple’s first foldable iPhone could beat the Samsung Galaxy Z Fold 7 in one key way
Marvel Rivals
Marvel Rivals' next update will add two new hero skins for Iron Man and Spider-Man mains this week
Nvidia Isaac GROOT N1
“The age of generalist robotics is here" - Nvidia's latest GROOT AI model just took us another step closer to fully humanoid robots
More about security
Robotic hand clicking on captcha &#039;I am not a robot&#039;.

Fake CAPTCHAs are being used to spread malware - and we only have ourselves to blame
Close up of a person touching an email icon.

Criminals are using CSS to get around filters and track email usage
Nvidia Earth-2 weather models

Nvidia has updated its virtual recreation of the entire planet - and it could mean better weather forecasts for everyone
See more latest
Most Popular
Nvidia Earth-2 weather models
Nvidia has updated its virtual recreation of the entire planet - and it could mean better weather forecasts for everyone
Sennheiser HD 550 headphones profile shot
Sennheiser announces new HD 550 headphones with high-quality audio for gamers and audiophiles
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Frank Grimes confronts Homer Simpson in The Simpsons&#039; Homer&#039;s Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Foldable iPhone
Apple’s first foldable iPhone could beat the Samsung Galaxy Z Fold 7 in one key way
Robotic hand clicking on captcha &#039;I am not a robot&#039;.
Fake CAPTCHAs are being used to spread malware - and we only have ourselves to blame
Nvidia DGX Station
Nvidia’s DGX Station brings 800Gbps LAN, the most powerful chip ever launched in a desktop workstation PC
NVIDIA RTX PRO 6000 Blackwell Server Edition
Nvidia launches its fastest GPU ever: Nvidia RTX Pro 6000 Blackwell Workstation Edition is an enhanced version of the RTX 5090 with more of everything
A still from the movie She Will
Everything leaving Hulu in April 2025
Nvidia Blackwell Ultra
Nvidia GTC 2025: New Blackwell Ultra GPU series is the most powerful AI hardware yet