移至主內容
Intel Platform Update (IPU) Update 2020.1, June 2020

More Information:

Scurity Advisories that affect BIOS:

  • Intel-SA-00295 – Intel® CSME, SPS, TXE, AMT and DAL Advisory
    • Summary: Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) and Intel® Dynamic Application Loader (DAL) may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.
    • Severity: Critical
  • Intel-SA-00320 – Special Register Buffer Data Sampling Advisory
    • Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.
    • Severity: Medium
  • Intel-SA-00322 – 2020.1 IPU BIOS Advisory
    • Summary: Potential security vulnerabilities in BIOS firmware for Intel® Processors may allow escalation of privilege and/or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
    • Severity: High
  • Intel-SA-00329 – Intel® Processors Data Leakage Advisory
    • Summary: Potential security vulnerabilities in some Intel® Processors may allow Information Disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
    • Severity: Medium
  • Intel-SA-00260 – (updated) Intel® Processor Graphics 2019.2 QSR Update Advisory
    • Summary: A potential security vulnerability in Intel® Processor Graphics may allow denial of service. Intel is releasing BIOS, microcode Firmware and Intel® Graphics Drivers updates to mitigate this potential vulnerability.
    • Severity: Medium

Security Advisories that don’t affect BIOS:

  • Intel-SA-00266 – Intel® SSD Advisory
  • Intel-SA-00366 - Intel® Innovation Engine Advisory

Additional Notes – Statements from Intel

SRBDS:
“Special Register Buffer Data Sampling (SRBDS) is similar to previously disclosed transient execution vulnerabilities and does not impact many of our recent product releases, including Intel Atom® processors, Intel® Xeon® Scalable Processor Family and 10th Generation Intel® Core™ processors based on Ice Lake and Comet Lake. For those processors that may be affected, we are actively coordinating with industry partners and expect to release microcode updates for these vulnerabilities in the coming weeks. For more information, please go to https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling.”

CSME Critical Vulnerabilities:
“The two critical CSME vulnerabilities, reported through the Intel Bug Bounty program, require a non-standard configuration for systems to be vulnerable. At this time, Intel is not aware of any customers using this configuration.”

CSME Issue Reported by Positive Technologies:
“On systems with the latest mitigations applied, the issue reported requires physical access and specialized equipment to exploit.”