CVE Vulnerabilities

CVE-2021-0158

Improper Input Validation

Published: Nov 17, 2021 | Modified: Nov 22, 2021
CVSS 3.x
6.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
6.7 MODERATE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Ubuntu

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Weakness

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Software

Name Vendor Start Version End Version
Celeron_n2805 Intel - -
Celeron_n2806 Intel - -
Celeron_n2807 Intel - -
Celeron_n2808 Intel - -
Celeron_n2810 Intel - -
Celeron_n2815 Intel - -
Celeron_n2820 Intel - -
Celeron_n2830 Intel - -
Celeron_n2840 Intel - -
Celeron_n2910 Intel - -
Celeron_n2920 Intel - -
Celeron_n2930 Intel - -
Celeron_n2940 Intel - -
Celeron_n3000 Intel - -
Celeron_n3010 Intel - -
Celeron_n3050 Intel - -
Celeron_n3060 Intel - -
Celeron_n3150 Intel - -
Celeron_n3160 Intel - -
Celeron_n3350 Intel - -
Celeron_n3350e Intel - -
Celeron_n3450 Intel - -
Celeron_n4000 Intel - -
Celeron_n4020 Intel - -
Celeron_n4100 Intel - -
Celeron_n4120 Intel - -
Celeron_n4500 Intel - -
Celeron_n4505 Intel - -
Celeron_n5100 Intel - -
Celeron_n5105 Intel - -
Celeron_n6210 Intel - -
Celeron_n6211 Intel - -
Core_i3-1000g1 Intel - -
Core_i3-1000g4 Intel - -
Core_i3-1005g1 Intel - -
Core_i3-10100 Intel - -
Core_i3-10100e Intel - -
Core_i3-10100f Intel - -
Core_i3-10100t Intel - -
Core_i3-10100te Intel - -
Core_i3-10100y Intel - -
Core_i3-10105 Intel - -
Core_i3-10105f Intel - -
Core_i3-10105t Intel - -
Core_i3-10110u Intel - -
Core_i3-10110y Intel - -
Core_i3-10300 Intel - -
Core_i3-10300t Intel - -
Core_i3-10305 Intel - -
Core_i3-10305t Intel - -
Core_i3-10320 Intel - -
Core_i3-10325 Intel - -
Core_i3-11100he Intel - -
Core_i3-1110g4 Intel - -
Core_i3-1115g4 Intel - -
Core_i3-1115g4e Intel - -
Core_i3-1115gre Intel - -
Core_i3-1120g4 Intel - -
Core_i3-1125g4 Intel - -
Core_i3-7020u Intel - -
Core_i3-7100 Intel - -
Core_i3-7100e Intel - -
Core_i3-7100h Intel - -
Core_i3-7100t Intel - -
Core_i3-7100u Intel - -
Core_i3-7101e Intel - -
Core_i3-7101te Intel - -
Core_i3-7102e Intel - -
Core_i3-7130u Intel - -
Core_i3-7167u Intel - -
Core_i3-7300 Intel - -
Core_i3-7300t Intel - -
Core_i3-7320 Intel - -
Core_i3-7350k Intel - -
Core_i3-8100 Intel - -
Core_i3-8100b Intel - -
Core_i3-8100h Intel - -
Core_i3-8100t Intel - -
Core_i3-8109u Intel - -
Core_i3-8130u Intel - -
Core_i3-8140u Intel - -
Core_i3-8145u Intel - -
Core_i3-8145ue Intel - -
Core_i3-8300 Intel - -
Core_i3-8300t Intel - -
Core_i3-8350k Intel - -
Core_i5-10200h Intel - -
Core_i5-10210u Intel - -
Core_i5-10210y Intel - -
Core_i5-10300h Intel - -
Core_i5-1030g4 Intel - -
Core_i5-1030g7 Intel - -
Core_i5-10310u Intel - -
Core_i5-10310y Intel - -
Core_i5-1035g1 Intel - -
Core_i5-1035g4 Intel - -
Core_i5-1035g7 Intel - -
Core_i5-1038ng7 Intel - -
Core_i5-10400 Intel - -
Core_i5-10400f Intel - -
Core_i5-10400h Intel - -
Core_i5-10400t Intel - -
Core_i5-10500 Intel - -
Core_i5-10500e Intel - -
Core_i5-10500h Intel - -
Core_i5-10500t Intel - -
Core_i5-10500te Intel - -
Core_i5-10505 Intel - -
Core_i5-10600 Intel - -
Core_i5-10600k Intel - -
Core_i5-10600kf Intel - -
Core_i5-10600t Intel - -
Core_i5-11260h Intel - -
Core_i5-11300h Intel - -
Core_i5-1130g7 Intel - -
Core_i5-11320h Intel - -
Core_i5-1135g7 Intel - -
Core_i5-11400 Intel - -
Core_i5-11400f Intel - -
Core_i5-11400h Intel - -
Core_i5-11400t Intel - -
Core_i5-1140g7 Intel - -
Core_i5-1145g7 Intel - -
Core_i5-1145g7e Intel - -
Core_i5-1145gre Intel - -
Core_i5-11500 Intel - -
Core_i5-11500h Intel - -
Core_i5-11500he Intel - -
Core_i5-11500t Intel - -
Core_i5-1155g7 Intel - -
Core_i5-11600 Intel - -
Core_i5-11600k Intel - -
Core_i5-11600kf Intel - -
Core_i5-11600t Intel - -
Core_i5-7200u Intel - -
Core_i5-7260u Intel - -
Core_i5-7267u Intel - -
Core_i5-7287u Intel - -
Core_i5-7300hq Intel - -
Core_i5-7300u Intel - -
Core_i5-7360u Intel - -
Core_i5-7400 Intel - -
Core_i5-7400t Intel - -
Core_i5-7440eq Intel - -
Core_i5-7440hq Intel - -
Core_i5-7442eq Intel - -
Core_i5-7500 Intel - -
Core_i5-7500t Intel - -
Core_i5-7600 Intel - -
Core_i5-7600k Intel - -
Core_i5-7600t Intel - -
Core_i5-7640x Intel - -
Core_i5-7y54 Intel - -
Core_i5-7y57 Intel - -
Core_i5-8200y Intel - -
Core_i5-8210y Intel - -
Core_i5-8250u Intel - -
Core_i5-8257u Intel - -
Core_i5-8259u Intel - -
Core_i5-8260u Intel - -
Core_i5-8265u Intel - -
Core_i5-8269u Intel - -
Core_i5-8279u Intel - -
Core_i5-8300h Intel - -
Core_i5-8305g Intel - -
Core_i5-8310y Intel - -
Core_i5-8350u Intel - -
Core_i5-8365u Intel - -
Core_i5-8365ue Intel - -
Core_i5-8400 Intel - -
Core_i5-8400b Intel - -
Core_i5-8400h Intel - -
Core_i5-8400t Intel - -
Core_i5-8500 Intel - -
Core_i5-8500b Intel - -
Core_i5-8500t Intel - -
Core_i5-8600 Intel - -
Core_i5-8600k Intel - -
Core_i5-8600t Intel - -
Core_i7-10510u Intel - -
Core_i7-10510y Intel - -
Core_i7-1060g7 Intel - -
Core_i7-10610u Intel - -
Core_i7-1065g7 Intel - -
Core_i7-1068ng7 Intel - -
Core_i7-10700 Intel - -
Core_i7-10700e Intel - -
Core_i7-10700f Intel - -
Core_i7-10700k Intel - -
Core_i7-10700kf Intel - -
Core_i7-10700t Intel - -
Core_i7-10700te Intel - -
Core_i7-10710u Intel - -
Core_i7-10750h Intel - -
Core_i7-10810u Intel - -
Core_i7-10850h Intel - -
Core_i7-10870h Intel - -
Core_i7-10875h Intel - -
Core_i7-11370h Intel - -
Core_i7-11375h Intel - -
Core_i7-11390h Intel - -
Core_i7-11600h Intel - -
Core_i7-1160g7 Intel - -
Core_i7-1165g7 Intel - -
Core_i7-11700 Intel - -
Core_i7-11700f Intel - -
Core_i7-11700k Intel - -
Core_i7-11700kf Intel - -
Core_i7-11700t Intel - -
Core_i7-11800h Intel - -
Core_i7-1180g7 Intel - -
Core_i7-11850h Intel - -
Core_i7-11850he Intel - -
Core_i7-1185g7 Intel - -
Core_i7-1185g7e Intel - -
Core_i7-1185gre Intel - -
Core_i7-1195g7 Intel - -
Core_i7-3820 Intel - -
Core_i7-3920xm Intel - -
Core_i7-3930k Intel - -
Core_i7-3940xm Intel - -
Core_i7-3960x Intel - -
Core_i7-3970x Intel - -
Core_i7-4820k Intel - -
Core_i7-4930k Intel - -
Core_i7-4930mx Intel - -
Core_i7-4940mx Intel - -
Core_i7-4960x Intel - -
Core_i7-5820k Intel - -
Core_i7-5930k Intel - -
Core_i7-5960x Intel - -
Core_i7-6800k Intel - -
Core_i7-6850k Intel - -
Core_i7-6900k Intel - -
Core_i7-6950x Intel - -
Core_i7-7500u Intel - -
Core_i7-7560u Intel - -
Core_i7-7567u Intel - -
Core_i7-7600u Intel - -
Core_i7-7660u Intel - -
Core_i7-7700 Intel - -
Core_i7-7700hq Intel - -
Core_i7-7700k Intel - -
Core_i7-7700t Intel - -
Core_i7-7740x Intel - -
Core_i7-7800x Intel - -
Core_i7-7820eq Intel - -
Core_i7-7820hk Intel - -
Core_i7-7820hq Intel - -
Core_i7-7820x Intel - -
Core_i7-7920hq Intel - -
Core_i7-7y75 Intel - -
Core_i7-8086k Intel - -
Core_i7-8500y Intel - -
Core_i7-8550u Intel - -
Core_i7-8557u Intel - -
Core_i7-8559u Intel - -
Core_i7-8565u Intel - -
Core_i7-8569u Intel - -
Core_i7-8650u Intel - -
Core_i7-8665u Intel - -
Core_i7-8665ue Intel - -
Core_i7-8700 Intel - -
Core_i7-8700b Intel - -
Core_i7-8700k Intel - -
Core_i7-8700t Intel - -
Core_i7-8705g Intel - -
Core_i7-8706g Intel - -
Core_i7-8709g Intel - -
Core_i7-8750h Intel - -
Core_i7-8809g Intel - -
Core_i7-8850h Intel - -
Core_i7-9800x Intel - -
Core_i9-10850k Intel - -
Core_i9-10885h Intel - -
Core_i9-10900 Intel - -
Core_i9-10900e Intel - -
Core_i9-10900f Intel - -
Core_i9-10900k Intel - -
Core_i9-10900kf Intel - -
Core_i9-10900t Intel - -
Core_i9-10900te Intel - -
Core_i9-10900x Intel - -
Core_i9-10920x Intel - -
Core_i9-10940x Intel - -
Core_i9-10980hk Intel - -
Core_i9-10980xe Intel - -
Core_i9-11900 Intel - -
Core_i9-11900f Intel - -
Core_i9-11900h Intel - -
Core_i9-11900k Intel - -
Core_i9-11900kf Intel - -
Core_i9-11900t Intel - -
Core_i9-11950h Intel - -
Core_i9-11980hk Intel - -
Core_i9-7900x Intel - -
Core_i9-7920x Intel - -
Core_i9-7940x Intel - -
Core_i9-7960x Intel - -
Core_i9-7980xe Intel - -
Core_i9-8950hk Intel - -
Core_i9-9820x Intel - -
Core_i9-9900x Intel - -
Core_i9-9920x Intel - -
Core_i9-9940x Intel - -
Core_i9-9960x Intel - -
Core_i9-9980xe Intel - -
Pentium_silver_j5005 Intel - -
Pentium_silver_j5040 Intel - -
Pentium_silver_n5000 Intel - -
Pentium_silver_n5030 Intel - -
Pentium_silver_n6000 Intel - -
Pentium_silver_n6005 Intel - -
Xeon_e-2124 Intel - -
Xeon_e-2124g Intel - -
Xeon_e-2126g Intel - -
Xeon_e-2134 Intel - -
Xeon_e-2136 Intel - -
Xeon_e-2144g Intel - -
Xeon_e-2146g Intel - -
Xeon_e-2174g Intel - -
Xeon_e-2176g Intel - -
Xeon_e-2176m Intel - -
Xeon_e-2186g Intel - -
Xeon_e-2186m Intel - -
Xeon_e-2224 Intel - -
Xeon_e-2224g Intel - -
Xeon_e-2226g Intel - -
Xeon_e-2226ge Intel - -
Xeon_e-2234 Intel - -
Xeon_e-2236 Intel - -
Xeon_e-2244g Intel - -
Xeon_e-2246g Intel - -
Xeon_e-2254me Intel - -
Xeon_e-2254ml Intel - -
Xeon_e-2274g Intel - -
Xeon_e-2276g Intel - -
Xeon_e-2276m Intel - -
Xeon_e-2276me Intel - -
Xeon_e-2276ml Intel - -
Xeon_e-2278g Intel - -
Xeon_e-2278ge Intel - -
Xeon_e-2278gel Intel - -
Xeon_e-2286g Intel - -
Xeon_e-2286m Intel - -
Xeon_e-2288g Intel - -
Xeon_e-2314 Intel - -
Xeon_e-2324g Intel - -
Xeon_e-2334 Intel - -
Xeon_e-2336 Intel - -
Xeon_e-2356g Intel - -
Xeon_e-2374g Intel - -
Xeon_e-2378 Intel - -
Xeon_e-2378g Intel - -
Xeon_e-2386g Intel - -
Xeon_e-2388g Intel - -
Xeon_e3-1220_v6 Intel - -
Xeon_e3-1225_v6 Intel - -
Xeon_e3-1230_v6 Intel - -
Xeon_e3-1240_v6 Intel - -
Xeon_e3-1245_v6 Intel - -
Xeon_e3-1270_v6 Intel - -
Xeon_e3-1275_v6 Intel - -
Xeon_e3-1280_v6 Intel - -
Xeon_e3-1285_v6 Intel - -
Xeon_e3-1501l_v6 Intel - -
Xeon_e3-1501m_v6 Intel - -
Xeon_e3-1505l_v6 Intel - -
Xeon_e3-1505m_v6 Intel - -
Xeon_e3-1535m_v6 Intel - -
Xeon_gold_5315y Intel - -
Xeon_gold_5317 Intel - -
Xeon_gold_5318h Intel - -
Xeon_gold_5318n Intel - -
Xeon_gold_5318s Intel - -
Xeon_gold_5318y Intel - -
Xeon_gold_5320 Intel - -
Xeon_gold_5320h Intel - -
Xeon_gold_5320t Intel - -
Xeon_gold_6312u Intel - -
Xeon_gold_6314u Intel - -
Xeon_gold_6326 Intel - -
Xeon_gold_6328h Intel - -
Xeon_gold_6328hl Intel - -
Xeon_gold_6330 Intel - -
Xeon_gold_6330h Intel - -
Xeon_gold_6330n Intel - -
Xeon_gold_6334 Intel - -
Xeon_gold_6336y Intel - -
Xeon_gold_6338 Intel - -
Xeon_gold_6338n Intel - -
Xeon_gold_6338t Intel - -
Xeon_gold_6342 Intel - -
Xeon_gold_6346 Intel - -
Xeon_gold_6348 Intel - -
Xeon_gold_6348h Intel - -
Xeon_gold_6354 Intel - -
Xeon_platinum_8351n Intel - -
Xeon_platinum_8352m Intel - -
Xeon_platinum_8352s Intel - -
Xeon_platinum_8352v Intel - -
Xeon_platinum_8352y Intel - -
Xeon_platinum_8353h Intel - -
Xeon_platinum_8354h Intel - -
Xeon_platinum_8356h Intel - -
Xeon_platinum_8358 Intel - -
Xeon_platinum_8358p Intel - -
Xeon_platinum_8360h Intel - -
Xeon_platinum_8360hl Intel - -
Xeon_platinum_8360y Intel - -
Xeon_platinum_8362 Intel - -
Xeon_platinum_8368 Intel - -
Xeon_platinum_8368q Intel - -
Xeon_platinum_8376h Intel - -
Xeon_platinum_8376hl Intel - -
Xeon_platinum_8380 Intel - -
Xeon_platinum_8380h Intel - -
Xeon_platinum_8380hl Intel - -
Xeon_silver_4309y Intel - -
Xeon_silver_4310 Intel - -
Xeon_silver_4310t Intel - -
Xeon_silver_4314 Intel - -
Xeon_silver_4316 Intel - -
Xeon_w-10855m Intel - -
Xeon_w-10885m Intel - -
Xeon_w-11155mle Intel - -
Xeon_w-11155mre Intel - -
Xeon_w-11555mle Intel - -
Xeon_w-11555mre Intel - -
Xeon_w-11855m Intel - -
Xeon_w-11865mle Intel - -
Xeon_w-11865mre Intel - -
Xeon_w-11955m Intel - -
Xeon_w-1250 Intel - -
Xeon_w-1250e Intel - -
Xeon_w-1250p Intel - -
Xeon_w-1250te Intel - -
Xeon_w-1270 Intel - -
Xeon_w-1270e Intel - -
Xeon_w-1270p Intel - -
Xeon_w-1270te Intel - -
Xeon_w-1290 Intel - -
Xeon_w-1290e Intel - -
Xeon_w-1290p Intel - -
Xeon_w-1290t Intel - -
Xeon_w-1290te Intel - -
Xeon_w-1350 Intel - -
Xeon_w-1350p Intel - -
Xeon_w-1370 Intel - -
Xeon_w-1370p Intel - -
Xeon_w-1390 Intel - -
Xeon_w-1390p Intel - -
Xeon_w-1390t Intel - -
Xeon_w-2123 Intel - -
Xeon_w-2125 Intel - -
Xeon_w-2133 Intel - -
Xeon_w-2135 Intel - -
Xeon_w-2145 Intel - -
Xeon_w-2155 Intel - -
Xeon_w-2175 Intel - -
Xeon_w-2195 Intel - -
Xeon_w-2223 Intel - -
Xeon_w-2225 Intel - -
Xeon_w-2235 Intel - -
Xeon_w-2245 Intel - -
Xeon_w-2255 Intel - -
Xeon_w-2265 Intel - -
Xeon_w-2275 Intel - -
Xeon_w-2295 Intel - -
Xeon_w-3175x Intel - -
Xeon_w-3223 Intel - -
Xeon_w-3225 Intel - -
Xeon_w-3235 Intel - -
Xeon_w-3245 Intel - -
Xeon_w-3245m Intel - -
Xeon_w-3265 Intel - -
Xeon_w-3265m Intel - -
Xeon_w-3275 Intel - -
Xeon_w-3275m Intel - -
Xeon_w-3323 Intel - -
Xeon_w-3335 Intel - -
Xeon_w-3345 Intel - -
Xeon_w-3365 Intel - -
Xeon_w-3375 Intel - -

Extended Description

Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing within the code, or when communicating with other components. When software does not validate input properly, an attacker is able to craft the input in a form that is not expected by the rest of the application. This will lead to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution. Input validation is not the only technique for processing input, however. Other techniques attempt to transform potentially-dangerous input into something safe, such as filtering (CWE-790) - which attempts to remove dangerous inputs - or encoding/escaping (CWE-116), which attempts to ensure that the input is not misinterpreted when it is included in output to another component. Other techniques exist as well (see CWE-138 for more examples.) Input validation can be applied to:

Data can be simple or structured. Structured data can be composed of many nested layers, composed of combinations of metadata and raw data, with other simple or structured data. Many properties of raw data or metadata may need to be validated upon entry into the code, such as:

Implied or derived properties of data must often be calculated or inferred by the code itself. Errors in deriving properties may be considered a contributing factor to improper input validation.

Note that “input validation” has very different meanings to different people, or within different classification schemes. Caution must be used when referencing this CWE entry or mapping to it. For example, some weaknesses might involve inadvertently giving control to an attacker over an input when they should not be able to provide an input at all, but sometimes this is referred to as input validation. Finally, it is important to emphasize that the distinctions between input validation and output escaping are often blurred, and developers must be careful to understand the difference, including how input validation is not always sufficient to prevent vulnerabilities, especially when less stringent data types must be supported, such as free-form text. Consider a SQL injection scenario in which a person’s last name is inserted into a query. The name “O’Reilly” would likely pass the validation step since it is a common last name in the English language. However, this valid name cannot be directly inserted into the database because it contains the “'” apostrophe character, which would need to be escaped or otherwise transformed. In this case, removing the apostrophe might reduce the risk of SQL injection, but it would produce incorrect behavior because the wrong name would be recorded.

Potential Mitigations

  • Assume all input is malicious. Use an “accept known good” input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, “boat” may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as “red” or “blue.”
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code’s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
  • Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings.
  • Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.
  • Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content.

References