Intel Security update (Intel® CSME Assets Advisory & Intel Power Management Controller (PMC) Security Advisory)
Server
13 Sep. 2018
 

QCT was notified that Intel® Converged Security and Management Engine (CSME) issue (Intel-SA-00125) and Intel® Power Management Controller (PMC) Security Vulnerability (Intel-SA-00131) could potentially place certain platforms at risk. As Intel’s recommendation, please update your BIOS Firmware to resolve these security vulnerabilities.

  • Table 1 - Intel CSME (SA-00125) & PMC (SA-00131) Security Vulnerabilities overview
  • Table 2 - BIOS version for fixing Intel CSME & PMC Security Vulnerabilities
  • Reference

Intel® CSME Assets Advisory (Intel-SA-00125) - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

Intel Power Management Controller (PMC) Security Advisory (Intel-SA-00131) - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html?wapkw=intel-sa-00131

 

Table 1 - Intel CSME (SA-00125) & PMC (SA-00131) Security Vulnerabilities 

Intel SA #

No.

CVE#

CVE title

impacted project scope

Mitigation options

Intel-SA-00125

Intel® Converged Security Management Engine (Intel® CSME) security issues

CVE-2018-3655

A logic bug in the subsystem in Intel® CSME prior to version 11.x Intel® Server Platform Services prior to 4.x and Intel® Trusted Execution Engine Firmware prior to 3.x allows privileged attacker to uncover or tamper with certain platform secrets via physical access.

Severs with Intel® Xeon® Scalable Processor Family (Purley, Skylake) are impacted only.

BIOS update

Intel-SA-00131

Power Management Controller (PMC) Security Vulnerability

CVE-2018-3643

A vulnerability in Power Management Controller firmware in systems using specific Intel® Converged Security and
Management Engine (CSME) or Intel® Server Platform Services firmware versions allows an attacker with
administrative privileges to uncover certain platform secrets via local access.

 

 

 Table 2 - BIOS version for fixing Intel CSME (SA-00125) & PMC (SA-00131) Security Vulnerabilities

QCT servers

CPU

BIOS fixed version

BIOS release week

D52B-1U

 

Intel® Xeon® Scalable Processor Family (Skylake)

 3A12.Q302       WK37       
D52BQ
T42S-2U
T42SP-2U
T42D-2U
Q72D-2U 

D52T-1ULH

D52G-4U

in process   WK48

D52BV-2U

 3A12.Q302  WK37

D52BM-2U

 3A11.M03 WK38