Power Management Controller (PMC) Security Vulnerability (Intel-SA-00131)

Documentation

Product Information & Documentation

000030482

09/13/2018

Intel has identified a firmware security vulnerability. It allows an attacker with administrative privileges to gain unauthorized access to platform features and sensitive information protected by the Intel® Converged Security and Management Engine (CSME) or Intel® Server Platform Services (SPS).

Firmware updates have been provided to system manufacturers that resolve the issue. Intel recommends that you check with your system manufacturers to determine the availability of their firmware update. Then apply available updates in a timely manner.

Affected versions are noted below along with the firmware (FW) version that mitigates the issue:
Intel® CSME firmware versions including 11.0 through 11.8.50; 11.10 through 11.11.50; 11.20 through 11.21.50; 12.0 through 12.0.5, which can be found on the following products:
  • 6th Generation Intel® Core™ Processor Family Platforms (mitigated by FW v.11.8.55)
  • 7th Generation Intel® Core™ Processor Family Platforms (mitigated by FW v.11.8.55)
  • 8th Generation Intel® Core™ Processor Family Platforms (mitigated by FW v.12.0.6)
  • Intel® Xeon® E3-1200/1500 v5 Processor Family Platforms (mitigated by FW v.11.8.55)
  • Intel® Xeon® E3-1200/1500 v6 Processor Family Platforms (mitigated by FW v.11.8.55)
  • Intel® Xeon® E-1200M Processors (mitigated by FW v.11.8.55)
  • Intel® Xeon® W Processor Family Platform (mitigated by FW v.11.11.55)
  • Intel® Xeon® Scalable Processors (mitigated by FW v.11.11.55)
  • Intel® Core™ X-Series Processor Family Platform (mitigated by FW v.11.11.55)
Intel® SPS firmware version 4.0.0, which can be found on the following products:
  • Intel Atom® Processor C3000 Series Platform (mitigated by FW v.4.x.05)
  • Intel® Xeon® D-2100 Processor Family Platform (mitigated by FW v.4.x.05)
  • Intel® Xeon® Scalable Processor Family Platform (mitigated by FW v.4.x.05)
  • Intel® C620 Series Chipset Family (PCIe* EndPoint Mode) (mitigated by FW v.4.x.05)
  • Intel® QuickAssist Adapter 8960/8970 Products (mitigated by FW v.4.x.05)

You can find additional details in the Security Advisory INTEL-SA-00131.

Frequently Asked Questions

Click or the question for details:

What are the Vulnerability Descriptions, Common Vulnerabilities and Exposures (CVE) Number, and Common Vulnerability Scoring System (CVSS) information for the identified vulnerabilities associated with Intel CSME?
How can I view the ME/CSME version to determine if I'm impacted by this vulnerability?
  • Option 1: Restart your system and access the system BIOS. ME/CSME firmware information may be available in the BIOS information screens. Contact your system manufacturer for assistance.
  • Option 2: Download the Intel SA-00125 Detection tool from Download Center. Extract the tool and run the Intel-SA-00125-GUI.EXE program. Check the ME Info section of the output for the ME version number (example below).

    Intel(R) ME Information
    Engine: Intel(R) Management Engine
    Version: 11.6.29.3287
    SVN: 1

I have a system or motherboard manufactured by Intel (Intel® NUC, Intel® Mini PC, Intel® Server, Intel® Desktop Board) that is showing as vulnerable. What do I do?
  • Go to the Support homepage and Choose your product. There you will be able to check for BIOS or firmware updates for your system.
I built my computer from components, I don't have a system manufacturer to contact. What do I do?
  • Contact the manufacturer of the motherboard you purchased to build your system. They're responsible for distributing the correct BIOS or firmware update for the motherboard.