IPAS: Bug Bounty Bonus: Pentium®, Intel Atom®, and Celeron® Processors

Hi everyone,

Today we are announcing a new Bug Bounty “Bonus” focused on Pentium®, Intel Atom®, and Celeron® Processors. The intent of this new bonus program is to incentivize deeper research into microcode for the products listed on the Bug Bounty Bonus page. For these products, external parties have recently published microcode and a microcode disassembler to GitHub and we believe this is an opportunity to engage the broader research community with a new challenge!

This bonus incentive will be open to the public for a period of one year and will pay up to $150,000.00 for novel vulnerabilities. Additionally, at the end of the one-year period, the top two research submissions will be invited to speak at iSecCon (Intel’s internal security conference).

Example topics of interest:

  • Escalation of Privilege​
  • Information disclosure​
  • Denial of Service ​
    • Temporary
    • Permanent ​
  •  Ability to alter/modify/change security boundaries

Please visit the Bug Bounty Bonus page for details. We encourage the research community to review the program and we challenge you to discover something awesome!

Intel Debugging Tools

The external parties mentioned are running tests on systems they have physical access to, which are not up to date with the latest mitigations and are not properly configured with Intel recommended Flash Descriptor write protection (which occurs as part of end of manufacturing by system manufacturers). Researchers are using previously mitigated vulnerabilities dating as far back as 2017 to gain access to what we call an Intel Unlocked (aka “Red Unlocked”) state and below are links to technical papers we have previously published about those issues.

Intel Converged Security Management Engine (CSME)

The Intel Converged Security Management Engine (CSME) Delayed Authentication Mode (DAM) vulnerability – CVE-2018-3659 and CVE-2018-3643

Intel Unlocked is a reference to industry standard debugging tools implemented similarly by all silicon vendors. Debugging is the ability to find the root cause of an issue keeping the system from operating as intended. In all areas of technology development, from hardware to software and everything in between, debugging is an industry standard. In addition, silicon manufacturers like Intel provide debug capabilities to those who develop on our platforms such as BIOS firmware developers and systems integrators. These capabilities allow for common tasks such as:

  • Understanding the cause of a system hang or crash.
  • Understanding the interaction between the hardware and software under development with visibility in to how the software flows are controlling the hardware or embedded firmware from the start of execution.
  • Understanding functional and electrical interactions between silicon components.
  • Understanding platform power state behavior.
  • Understanding functional and electrical interactions between Intel and non-Intel components.
  • Understanding the interaction between the firmware and the relevant platform components (can be SoC/platform hardware and/or the OS/driver/application).

XuCode

To help reduce confusion about what external researchers may find while in the Intel Unlocked state, today we have published a write up concerning XuCode (pronounced zoo-code) which is used to deliver parts of the Intel Software Guard Extensions (SGX) implementation. We encourage customers to familiarize themselves with this technology and the Defense in Depth mechanisms in place to help protect it.

Conclusion

While we understand the continued interest in this area of research, some of the conclusions drawn by the researchers are inaccurate. Additionally, the platforms they are researching are not necessarily indicative of other Intel platforms and we continue to focus on new innovations in product security and to use our well-established security assurance processes to mitigate issues as soon as we learn about them. The transparency of our process is highlighted in the Intel 2020 Product Security Report and in this Security Magazine article.

Regards,

Jerry Bryant
Sr. Director of Communications
Intel Product Assurance and Security

Published on Categories IDF, Security
Jerry Bryant

About Jerry Bryant

Jerry Bryant is a Senior Director of Security Communications at Intel Corp. where he leads communications strategy, vulnerability issues management, field, and customer readiness within the Intel Product Assurance and Security Group (IPAS). Jerry has over 20 years experience in product security incident response within fortune 50 companies and specializes in vulnerability handling, incident/crisis management, threat intelligence sharing, industry, and government engagement. He believes strongly in sharing lessons learned and helping to advance the knowledge and readiness of defenders across the industry. Jerry is a co-author of the Product Security Incident Response Team (PSIRT) Services Framework, a cross industry collaboration through the Forum for Incident Response and Security Teams (FIRST.org).