CVE-2021-0099

Name: CVE-2021-0099
Creator: NVD / NIST
Published: 2022-02-09T23:15:11.137+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.30%

Last modified Jun 17, 2026

CVE-2021-0099 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.30%

21.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Intel	Atom C3308	All versions
Intel	Atom C3336	All versions
Intel	Atom C3338	All versions
Intel	Atom C3338r	All versions
Intel	Atom C3436l	All versions
Intel	Atom C3508	All versions
Intel	Atom C3538	All versions
Intel	Atom C3558	All versions
Intel	Atom C3558r	All versions
Intel	Atom C3708	All versions
Intel	Atom C3750	All versions
Intel	Atom C3758	All versions
Intel	Atom C3758r	All versions
Intel	Atom C3808	All versions
Intel	Atom C3830	All versions
Intel	Atom C3850	All versions
Intel	Atom C3858	All versions
Intel	Atom C3950	All versions
Intel	Atom C3955	All versions
Intel	Atom C3958	All versions
Intel	Core I3-1000g1	All versions
Intel	Core I3-1000g4	All versions
Intel	Core I3-1005g1	All versions
Intel	Core I3-10100	All versions
Intel	Core I3-10100e	All versions
Intel	Core I3-10100f	All versions
Intel	Core I3-10100t	All versions
Intel	Core I3-10100te	All versions
Intel	Core I3-10100y	All versions
Intel	Core I3-10105	All versions
Intel	Core I3-10105f	All versions
Intel	Core I3-10105t	All versions
Intel	Core I3-10110u	All versions
Intel	Core I3-10110y	All versions
Intel	Core I3-10300	All versions
Intel	Core I3-10300t	All versions
Intel	Core I3-10305	All versions
Intel	Core I3-10305t	All versions
Intel	Core I3-10320	All versions
Intel	Core I3-10325	All versions
Intel	Core I3-11100he	All versions
Intel	Core I3-1110g4	All versions
Intel	Core I3-1115g4	All versions
Intel	Core I3-1115g4e	All versions
Intel	Core I3-1115gre	All versions
Intel	Core I3-1120g4	All versions
Intel	Core I3-1125g4	All versions
Intel	Core I3-6006u	All versions
Intel	Core I3-6098p	All versions
Intel	Core I3-6100	All versions

Showing 50 of 681 affected configurations. See NVD for the full list.

References

https://security.netapp.com/advisory/ntap-20220210-0007/Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527.htmlVendor Advisory
https://security.netapp.com/advisory/ntap-20220210-0007/Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527.htmlVendor Advisory

Timeline

Published: Feb 9, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-0099?

Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

How severe is CVE-2021-0099?

CVE-2021-0099 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.

How do I fix CVE-2021-0099?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-0099?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST