CVE-2021-33164

Name of the Vulnerable Software and Affected Versions Intel(R) NUCs versions prior to INWHL357.0046

Description The issue is related to improper access control in BIOS firmware, which may allow a privileged user to potentially enable escalation of privilege via local access. It is also associated with a vulnerability in UEFI firmware, known as RingHopper, that allows code execution at the System Management Mode (SMM) level, providing unrestricted access to system memory. This vulnerability is linked to the possibility of conducting a timing attack using Direct Memory Access (DMA) to damage memory in SMM-level code. The presence of this vulnerability has been confirmed in Intel, Dell, and Insyde Software firmware, while AMD, Phoenix, and Toshiba firmware are not affected.

Recommendations For Intel(R) NUCs versions prior to INWHL357.0046, update the BIOS firmware to version INWHL357.0046 or later to resolve the issue. As a temporary workaround, consider restricting local access to the system to minimize the risk of exploitation. Avoid using DMA for sensitive operations until the issue is resolved.