Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday November 13 2019, @12:55AM   Printer-friendly
from the we-should-all-be-using-riscv dept.

Intel Warns of Critical Info-Disclosure Bug in Security Engine

A critical security bug in the Intel Converged Security and Manageability Engine (CSME) could allow escalation of privilege, denial of service or information disclosure.

The details are included in a bug advisory that in total covers 77 vulnerabilities, 67 of which were found by internal Intel staff. The silicon giant has rolled out firmware updates and software patches to address these, which range in severity from the one critical flaw to a low-severity local privilege-escalation issue.

The affected products are: Intel CSME, Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL).

[...]The critical flaw is a heap overflow bug with a score of 9.6 out of 10 on the CVSS v.3 severity scale (CVE-2019-0169). It exists in the subsystem in the Intel CSME, which is a standalone chip on Intel CPUs that is used for remote management. The vulnerability and[sic] could allow an unauthenticated user to enable escalation of privileges, information disclosure or denial of service via adjacent access.

“Adjacent access” means that an attack must be launched from the same shared physical network or local IP subnet, or from within the same secure VPN or administrative network zone.

Read the rest of the article for details on the additional vulnerabilities that were addressed.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by jmichaelhudsondotnet on Wednesday November 13 2019, @12:37PM

    by jmichaelhudsondotnet (8122) on Wednesday November 13 2019, @12:37PM (#919802) Journal

    well said.

    Someone also has to make sure they aren't putting wifi transmitters onto chips, or rfid'able tags to passively track people by their cpus and other fun things.

    I would like to catch the intel cpu phoning home over ethernet, they can be invisible on the chip but they cannot be invisible over transmission.

    Sadly, yet another reason to resist 5g, in those high frequencies and newly opening bands, who knows what nano transmitters will be reporting from your local keylogger.

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3