CVE-2021-0188

Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://security.netapp.com/advisory/ntap-20220818-0003/	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1558l_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1558l_v5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1565l_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1565l_v5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1578l_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1578l_v5:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1585_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1585_v5:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1585l_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1585l_v5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1515m_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1515m_v5:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1545m_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1545m_v5:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1575m_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1575m_v5:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1220_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1220_v5:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1225_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1225_v5:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1230_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1230_v5:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1235l_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1235l_v5:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1240_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1240l_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1240l_v5:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1245_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1245_v5:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1260l_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1260l_v5:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1268l_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1268l_v5:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1270_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1270_v5:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1275_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1275_v5:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1280_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1280_v5:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1505l_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1505l_v5:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1505m_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1505m_v5:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1535m_v5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1535m_v5:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1285_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1285_v6:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1501l_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1501l_v6:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1501m_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1501m_v6:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1220_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1220_v6:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1225_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1225_v6:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1230_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1230_v6:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1240_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1240_v6:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1245_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1245_v6:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1270_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1270_v6:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1275_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1275_v6:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1280_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1280_v6:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1505l_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1505l_v6:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1505m_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1505m_v6:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:intel:xeon_e3-1535m_v6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:xeon_e3-1535m_v6:-:*:*:*:*:*:*:*

History

19 Aug 2022, 12:27

Type	Values Removed	Values Added
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20220818-0003/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20220818-0003/ - Third Party Advisory

18 Aug 2022, 15:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20220818-0003/ -

19 May 2022, 15:05

Type	Values Removed	Values Added
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html - Vendor Advisory
CWE		CWE-119
CPE		cpe:2.3:o:intel:xeon_e3-1245_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1280_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1285_v6_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1245_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1245_v6_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1578l_v5_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1505l_v6:-:::::::* cpe:2.3:o:intel:xeon_e3-1220_v5_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1505l_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1225_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1275_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1505m_v6_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1285_v6:-:::::::* cpe:2.3:h:intel:xeon_e3-1565l_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1240_v6_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1240_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1270_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1280_v6_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1270_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1565l_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1501m_v6_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1505m_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1235l_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1585l_v5_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1268l_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1245_v6:-:::::::* cpe:2.3:h:intel:xeon_e3-1575m_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1268l_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1220_v6_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1501l_v6_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1515m_v5_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1545m_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1260l_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1558l_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1230_v6:-:::::::* cpe:2.3:h:intel:xeon_e3-1585l_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1240l_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1558l_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1545m_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1225_v5_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1535m_v6:-:::::::* cpe:2.3:h:intel:xeon_e3-1275_v6:-:::::::* cpe:2.3:o:intel:xeon_e3-1240_v5_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1585_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1505l_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1235l_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1230_v6_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1535m_v6_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1515m_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1578l_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1225_v6:-:::::::* cpe:2.3:h:intel:xeon_e3-1280_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1535m_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1585_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1240l_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1535m_v5_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1270_v6:-:::::::* cpe:2.3:h:intel:xeon_e3-1220_v6:-:::::::* cpe:2.3:o:intel:xeon_e3-1270_v6_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1260l_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1505m_v5_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1220_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1505m_v6:-:::::::* cpe:2.3:h:intel:xeon_e3-1501m_v6:-:::::::* cpe:2.3:o:intel:xeon_e3-1275_v6_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1275_v5:-:::::::* cpe:2.3:h:intel:xeon_e3-1240_v6:-:::::::* cpe:2.3:h:intel:xeon_e3-1280_v6:-:::::::* cpe:2.3:h:intel:xeon_e3-1501l_v6:-:::::::* cpe:2.3:o:intel:xeon_e3-1230_v5_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1225_v6_firmware:-:::::::* cpe:2.3:o:intel:xeon_e3-1505l_v6_firmware:-:::::::* cpe:2.3:h:intel:xeon_e3-1230_v5:-:::::::* cpe:2.3:o:intel:xeon_e3-1575m_v5_firmware:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8

12 May 2022, 17:24

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-12 17:15

Updated : 2024-02-04 22:29

NVD link : CVE-2021-0188

Mitre link : CVE-2021-0188

CVE.ORG link : CVE-2021-0188

JSON object : View

Products Affected

intel

xeon_e3-1270_v5
xeon_e3-1270_v6_firmware
xeon_e3-1230_v5_firmware
xeon_e3-1280_v5
xeon_e3-1285_v6_firmware
xeon_e3-1275_v5_firmware
xeon_e3-1545m_v5_firmware
xeon_e3-1501m_v6_firmware
xeon_e3-1270_v6
xeon_e3-1558l_v5
xeon_e3-1505l_v5_firmware
xeon_e3-1230_v6
xeon_e3-1515m_v5
xeon_e3-1230_v6_firmware
xeon_e3-1245_v6
xeon_e3-1505m_v6
xeon_e3-1230_v5
xeon_e3-1240l_v5_firmware
xeon_e3-1280_v6
xeon_e3-1565l_v5
xeon_e3-1270_v5_firmware
xeon_e3-1220_v5
xeon_e3-1245_v6_firmware
xeon_e3-1505l_v6_firmware
xeon_e3-1275_v6_firmware
xeon_e3-1585l_v5
xeon_e3-1268l_v5_firmware
xeon_e3-1225_v6
xeon_e3-1260l_v5
xeon_e3-1505m_v5_firmware
xeon_e3-1220_v6
xeon_e3-1505m_v6_firmware
xeon_e3-1225_v5
xeon_e3-1280_v6_firmware
xeon_e3-1275_v5
xeon_e3-1535m_v5
xeon_e3-1585l_v5_firmware
xeon_e3-1565l_v5_firmware
xeon_e3-1240_v5_firmware
xeon_e3-1505l_v6
xeon_e3-1535m_v6_firmware
xeon_e3-1235l_v5_firmware
xeon_e3-1240l_v5
xeon_e3-1501l_v6_firmware
xeon_e3-1558l_v5_firmware
xeon_e3-1245_v5
xeon_e3-1260l_v5_firmware
xeon_e3-1585_v5_firmware
xeon_e3-1535m_v5_firmware
xeon_e3-1245_v5_firmware
xeon_e3-1280_v5_firmware
xeon_e3-1585_v5
xeon_e3-1545m_v5
xeon_e3-1225_v5_firmware
xeon_e3-1220_v5_firmware
xeon_e3-1235l_v5
xeon_e3-1578l_v5
xeon_e3-1515m_v5_firmware
xeon_e3-1285_v6
xeon_e3-1575m_v5_firmware
xeon_e3-1268l_v5
xeon_e3-1220_v6_firmware
xeon_e3-1225_v6_firmware
xeon_e3-1505l_v5
xeon_e3-1240_v6_firmware
xeon_e3-1501m_v6
xeon_e3-1275_v6
xeon_e3-1575m_v5
xeon_e3-1535m_v6
xeon_e3-1240_v6
xeon_e3-1578l_v5_firmware
xeon_e3-1240_v5
xeon_e3-1501l_v6
xeon_e3-1505m_v5

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.8 /10