CVE-2021-0146

NameCVE-2021-0146
DescriptionHardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Notes

NOT-FOR-US: Intel CPU microcode
This vulnerability cannot be fixed via the intel-microcode package since it
needs to be present before the CPU is even initialised fully:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
As such, updates need to be shipped via board vendors and not tracking it as
a fixable bug in intel-microcode
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207

Search for package or bug name: Reporting problems