Stories
Slash Boxes
Comments

SoylentNews is people

Intel Warns of Critical Info-Disclosure Bug in Security Engine

posted by martyb on Wednesday November 13 2019, @12:55AM   Printer-friendly
from the we-should-all-be-using-riscv dept.

upstart writes in with a submission, via IRC, for carny.

Intel Warns of Critical Info-Disclosure Bug in Security Engine

A critical security bug in the Intel Converged Security and Manageability Engine (CSME) could allow escalation of privilege, denial of service or information disclosure.

The details are included in a bug advisory that in total covers 77 vulnerabilities, 67 of which were found by internal Intel staff. The silicon giant has rolled out firmware updates and software patches to address these, which range in severity from the one critical flaw to a low-severity local privilege-escalation issue.

The affected products are: Intel CSME, Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL).

[...]The critical flaw is a heap overflow bug with a score of 9.6 out of 10 on the CVSS v.3 severity scale (CVE-2019-0169). It exists in the subsystem in the Intel CSME, which is a standalone chip on Intel CPUs that is used for remote management. The vulnerability and[sic] could allow an unauthenticated user to enable escalation of privileges, information disclosure or denial of service via adjacent access.

“Adjacent access” means that an attack must be launched from the same shared physical network or local IP subnet, or from within the same secure VPN or administrative network zone.

Read the rest of the article for details on the additional vulnerabilities that were addressed.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Intel Warns of Critical Info-Disclosure Bug in Security Engine | Log In/Create an Account | Top | 27 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by jmichaelhudsondotnet on Wednesday November 13 2019, @12:32PM (3 children)

    by jmichaelhudsondotnet (8122) on Wednesday November 13 2019, @12:32PM (#919801) Journal

    19"

    ftfy

    And you thought no one was reading this deep in the thread.

    19' macbooks coming for xmas 2020!!!!!! You think you have seen a big screen, but wait til you see this!

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by hendrikboom on Thursday November 14 2019, @01:07AM (2 children)

    by hendrikboom (1125) Subscriber Badge on Thursday November 14 2019, @01:07AM (#920107) Homepage Journal

    For those who use metric, 19" is nineteen inches, about 50 cm.
    19' is nineteen feet, about 580 cm.

    -- hendrik

    • (Score: 2) by driverless on Thursday November 14 2019, @12:30PM (1 child)

      by driverless (4770) on Thursday November 14 2019, @12:30PM (#920302)

      What's that in furlongs? We haven't switched to these newfangled inchy things yet where I live.

      • (Score: 1, Touché) by Anonymous Coward on Friday November 15 2019, @11:11AM

        by Anonymous Coward on Friday November 15 2019, @11:11AM (#920654)

        It's 28.79 millifurlongs [wolframalpha.com]