CVE-2021-0073

7.8 HIGH

📋 TL;DR

This vulnerability in Intel Data Streaming Accelerator (DSA) allows authenticated local users to potentially escalate privileges due to insufficient control flow management. It affects systems running vulnerable versions of Intel DSA driver software. Attackers could gain higher privileges on affected systems.

💻 Affected Systems

Products:
  • Intel Data Streaming Accelerator (DSA)
Versions: All versions before 20.11.50.9
Operating Systems: Linux, Windows, Other platforms with Intel DSA support
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel DSA driver installation. Affects systems with Intel CPUs supporting DSA feature.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local authenticated attacker gains root/system-level privileges, enabling complete system compromise, data theft, and persistence.

🟠 Likely Case

Privileged user or malware with local access escalates to higher privileges to install additional malware or access restricted resources.

🟢 If Mitigated

With proper access controls and monitoring, impact limited to isolated systems with minimal lateral movement.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.
🏢 Internal Only: HIGH - Local authenticated access common in enterprise environments, enabling privilege escalation attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access and knowledge of control flow manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.11.50.9 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00510.html

Restart Required: Yes

Instructions:

1. Download Intel DSA driver version 20.11.50.9 or later from Intel website.
2. Stop DSA services.
3. Install updated driver.
4. Reboot system.
5. Verify driver version.

🔧 Temporary Workarounds

Disable Intel DSA

linux

Temporarily disable Intel Data Streaming Accelerator functionality

modprobe -r idxd
systemctl stop intel-dsa-service

Restrict Local Access

all

Limit local authenticated access to systems with vulnerable DSA drivers

🧯 If You Can't Patch

  • Implement strict least privilege access controls to limit local authenticated users
  • Monitor for privilege escalation attempts and unusual process behavior

🔍 How to Verify

Check if Vulnerable:

Check Intel DSA driver version: On Linux: 'modinfo idxd' or check /sys/bus/dsa/devices. On Windows: Check driver version in Device Manager under System devices.

Check Version:

Linux: 'modinfo idxd | grep version' or 'cat /sys/bus/dsa/devices/dsa0/version'. Windows: Check Properties in Device Manager.

Verify Fix Applied:

Verify driver version is 20.11.50.9 or higher using same commands as vulnerability check.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Failed authorization events followed by successful privileged operations
  • Driver loading/unloading anomalies

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

EventID=4688 OR Process Creation with parent-child privilege mismatch OR Driver Load events for idxd.sys
