Intel Fixes Critical Flaw in AMT
Intel released its June security updates, which fixes two critical vulnerabilities that can give unauthenticated hackers elevated privileges. The critical flaws exist in Intel's Active Management Technology, or AMT, which is used for remote out-of-band management of personal computers. The two critical flaws, CVE-2020-0594 and CVE-2020-0595, exist in the IPv6 subsystem of AMT. The flaws could enable an unauthenticated user to gain elevated privileges via network access. AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 are affected.
CVE-2020-0594 is an out-of-bounds read flaw and CVE-2020-0595 is a use after free vulnerability. A high-severity privilege escalation flaw that exists in the Intel Innovation Engine, was also patched. Innovation Engine is an embedded core in the Peripheral Controller Hub, which is a dedicated subsystem that system vendors can use to customize their firmware. CVE-2020-8675 comes from insufficient control flow management in the Innovation Engine's firmware build and signing tool. It may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
There was a medium severity flaw known as CrossTalk that was also fixed. The flaw is related to a new class of flaws uncovered in 2019, called Microarchitectural Data Sampling, which uses side channel attacks to steal data from affected systems. The flaw could enable a hacker with local access to run code that can obtain data from an app running on a different CPU core. Until now, all the attacks assumed that the hacker and victim were sharing the same core, so that placing mutually untrusting code on different cores would thwart such attacks. The new transient execution vulnerability, which Intel refers to as Special Register Buffer Data Sampling, enables hacker controlled code execution on one CPU core to leak sensitive data from victim software executing on a different core.
Intel implemented a fix for CrossTalk in a microcode update distributed to software vendors, which locks the entire memory bus before updating the staging buffer and only unlocks it after clearing its content. This ensures that no information is exposed to off-core requests issued from other CPU cores. Intel's June security update fixed flaws tied to 22 CVEs. Intel did not release any fixes for flaws in May. In April, Intel patched high-severity flaws in its Next Unit Computing mini PC firmware, and in its Modular Server MFS2600KISPP Compute Module.