| Name | CVE-2021-0146 |
| Description | Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
NOT-FOR-US: Intel CPU microcode
This vulnerability cannot be fixed via the intel-microcode package since it
needs to be present before the CPU is even initialised fully:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
As such, updates need to be shipped via board vendors and not tracking it as
a fixable bug in intel-microcode
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207