Intel Power Management Controller (PMC) Security Advisory

Last Updated: 20 Dec 2018 at 13:42

Intel ID: INTEL-SA-00131

Advisory Category: Firmware

Impact of vulnerability: Escalation of Privilege, Information Disclosure

Severity rating: HIGH

Original release: 09/11/2018

Last revised: 12/18/2018

Summary:

A potential security vulnerability in power management controller firmware may allow escalation of privilege and/ or information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.

Vulnerability Details

CVEID: CVE-2018-3643

Description: A vulnerability in Power Management Controller firmware in systems using specific Intel® Converged Security and Management Engine (CSME) before version 12.0.6 or Intel® Server Platform Services firmware before version 4.x.04 may allow a privileged user to potentially escalate privileges or disclose information via local access.

Description: A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

Systems using the following firmware versions and associated products are impacted.

Products containing Intel® Server Platform Services firmware version 4.x:

Impacted Product Mitigated FW version

Intel® Atom® Processor C3000 Series Platform 4.00.04.177.0

Intel® Xeon® D-2100 Processor Family Platform 4.00.04.077.0

Intel® Xeon® Scalable Processor Family Platforms 4.00.04.381.0

Intel® C620 Series Chipset Family (PCIe End Point Mode) 4.00.04.381.0

Intel® QuickAssist Adapter 8960/8970 Products 4.x.05

Products containing Intel® CSME firmware version 11.x or later:

Impacted Product Mitigated FW(CSME) version

6th Generation Intel® Core™ Processor Family Platforms 11.8.55

7th Generation Intel® Core™ Processor Family Platforms 11.8.55

8th Generation Intel® Core™ Processor Family Platforms 12.0.6

Intel® Xeon® E3-1200/1500 v5 Processor Family Platforms 11.8.55

Intel® Xeon® E3-1200/1500 v6 Processor Family Platforms 11.8.55

Intel® Xeon® W Processor Family Platform 11.11.55

Intel® Core™ X-Series Processor Family Platform 11.11.55

Intel® Xeon® Scalable Processors 11.21.55

Recommendations:

Intel recommends that end users should check with their system manufacturers and apply any available updates as soon as practical, based on the versions listed above, or higher.

Acknowledgements:

This issue was found internally by Intel.

Revision History

Revision Date Description

1.0 09/11/2018 Initial Release

1.1 12/18/2018 Vulnerability description updated

Source: INTEL-SA-00131

Intel ID:	INTEL-SA-00131
Advisory Category:	Firmware
Impact of vulnerability:	Escalation of Privilege, Information Disclosure
Severity rating:	HIGH
Original release:	09/11/2018
Last revised:	12/18/2018

Revision	Date	Description
1.0	09/11/2018	Initial Release
1.1	12/18/2018	Vulnerability description updated

Posted By: Brink
11 Sep 2018

Brink

Posts : 68,917
64-bit Windows 11 Pro for Workstations

New 20 Dec 2018 #1

Vulnerability description updated.
My Computers
- System One
- System Two
Computer Type: PC/Desktop
System Manufacturer/Model Number: Custom self built
OS: 64-bit Windows 11 Pro for Workstations
CPU: Intel i7-8700K 5 GHz
Motherboard: ASUS ROG Maximus XI Formula Z390
Memory: 64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
Graphics Card: ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card: Integrated Digital Audio (S/PDIF)
Monitor(s) Displays: 2 x Samsung Odyssey G75 27"
Screen Resolution: 2560x1440
Keyboard: Logitech wireless K800
Mouse: Logitech MX Master 3
PSU: Seasonic Prime Titanium 850W
Case: Thermaltake Core P3 wall mounted
Cooling: Corsair Hydro H115i
Hard Drives: 1TB Samsung 990 PRO M.2, 4TB Samsung 990 PRO PRO M.2, 8TB WD MyCloudEX2Ultra NAS
Internet Speed: 1 Gbps Download and 35 Mbps Upload
Browser: Google Chrome
Antivirus: Windows Defender and Malwarebytes Premium
Other Info: Logitech Z625 speaker system, Logitech BRIO 4K Pro webcam, HP Color LaserJet Pro MFP M477fdn, APC SMART-UPS RT 1000 XL - SURT1000XLI, Galaxy S23 Plus phone

View my PC Album

Computer Type: Laptop
System Manufacturer/Model Number: HP Spectre x360 2in1
OS: 64-bit Windows 10 Pro build 21390
CPU: i7-1065G7 3.9 GHz
Memory: 16 GB LPDDR4-3200
Graphics Card: Intel Iris Plus
Sound Card: Intel SST
Monitor(s) Displays: 13.3" 4K UWVA AMOLED multitouch
Screen Resolution: 3840 x 2160
Hard Drives: 512 GB PCIe NVMe M.2 SSD
Browser: Google Chrome
Antivirus: Windows Defender and Malwarebytes Premium
Quote

Subscribe to Thread

Related Discussions

Impacted Product	Mitigated FW version
Intel® Atom® Processor C3000 Series Platform	4.00.04.177.0
Intel® Xeon® D-2100 Processor Family Platform	4.00.04.077.0
Intel® Xeon® Scalable Processor Family Platforms	4.00.04.381.0
Intel® C620 Series Chipset Family (PCIe End Point Mode)	4.00.04.381.0
Intel® QuickAssist Adapter 8960/8970 Products	4.x.05

Impacted Product	Mitigated FW(CSME) version
6th Generation Intel® Core™ Processor Family Platforms	11.8.55
7th Generation Intel® Core™ Processor Family Platforms	11.8.55
8th Generation Intel® Core™ Processor Family Platforms	12.0.6
Intel® Xeon® E3-1200/1500 v5 Processor Family Platforms	11.8.55
Intel® Xeon® E3-1200/1500 v6 Processor Family Platforms	11.8.55
Intel® Xeon® W Processor Family Platform	11.11.55
Intel® Core™ X-Series Processor Family Platform	11.11.55
Intel® Xeon® Scalable Processors	11.21.55