IPAS: Security Advisories for June 2020

Hi everyone,

It’s the second Tuesday in June, and today we are releasing 5 new security advisories along with new whitepapers taking a deeper look into some of the issues being addressed.

Advisories in the table below have been part of the Intel Platform Update (IPU) process through which we work with ecosystem partners to validate and integrate updates prior to public disclosure. Please check with your system manufacturer for updates where applicable.

Security Advisory ID Title CVEs CVSS
INTEL-SA-00266 2020.1 IPU – Intel® SSD Advisory CVE-2020-0527 7.9
INTEL-SA-00295 2020.1 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory CVE-2020-0542, CVE-2020-0532, CVE-2020-0538, CVE-2020-0534, CVE-2020-0541, CVE-2020-0533, CVE-2020-0537, CVE-2020-0531, CVE-2020-0535, CVE-2020-0536, CVE-2020-0545, CVE-2020-0540, CVE-2020-0566, CVE-2020-0539, CVE-2020-0586, CVE-2020-0594, CVE-2020-0595, CVE-2020-0596, CVE-2020-8674, CVE-2020-0597 3.3 – 9.8
INTEL-SA-00320 2020.1 IPU – Special Register Buffer Data Sampling CVE-2020-0543 6.5
INTEL-SA-00322 2020.1 IPU – BIOS Advisory CVE-2020-0528, CVE-2020-0529 5.7- 7.5
INTEL-SA-00366 Intel® Innovation Engine Advisory CVE-2020-8675 7.1

 

Additional information:

INTEL-SA-00295 contains two vulnerabilities with critical CVSS scores of 9.8. Both of these were reported through the Intel Bug Bounty program, and both require that Intel® Active Management Technology (AMT) be configured with IPv6. This is a non-standard configuration, and at the time of this writing, Intel is not aware of any customers using AMT with IPv6. Regardless, the firmware update mitigates these issues.

The Intel® Converged Security and Management Engine IOMMU Hardware Issue – CVE-2019-0090 whitepaper has been updated to include information regarding CVE-2020-0566 as part of today’s release. Read the updated whitepaper HERE.

In addition, we are releasing a new whitepaper titled “The Intel® Converged Security Management Engine (CSME) Delayed Authentication Mode (DAM) vulnerability – CVE-2018-3659 and CVE-2018-3643”. This paper discusses the impact of these issues and the mitigations. Note that these issues require physical access to affected systems. Read the new whitepaper HERE.

INTEL-SA-00320 is a side-channel issue called Special Register Buffer Data Sampling, or SRBDS, with a medium CVSS score. As with all side-channel issues reported to date, Intel is not aware of any real-world exploits of SRBDS outside of a lab environment. We are aware that researchers have released a paper on this issue and refer to it as “CrossTalk”. For more background, we have released a whitepaper at the link below.

The SRBDS deep dive whitepaper can be found HERE.

Finally, in January 2020 we released INTEL-SA-00329 addressing two side-channel issues. Specifically, CVE-2020-0549 addressing an issue called “L1D Eviction Sampling” which has been referred to by researchers as “ZombieLoad”, “RIDL”, and “CacheOut”. The CacheOut researchers recently informed us of a new paper referred to as SGAxe. It is important to note that SGAxe relies on CVE-2020-0549 which has been mitigated in microcode (confirmed by the researchers in their updated CacheOut paper) and distributed out to the ecosystem.

That’s it for June 2020. Our next regular update will be July 14, 2020.

Regards,

Jerry Bryant
Director of Communications
Intel Product Assurance and Security