Intel CSME flaw is unpatchable, researchers warn

Last May, Intel released firmware patches for vulnerabilities affecting several hardware security features in its chipsets that are used for digital rights management, device attestation, firmware validation, safe storage of cryptographic keys, disk encryption and more. A team of security researchers now warns that one of those flaws is actually unpatchable and could lead to a complete compromise of the cryptographic chain of trust in Intel-based systems with potentially disastrous implications for technologies built on top of it.

“The scenario that Intel system architects, engineers and security specialists perhaps feared most is now a reality,” researchers from security firm Positive Technologies said in a report released today. “A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME). This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms.”

The unpatchable CSME flaw

When Positive Technologies found the vulnerability and reported it to Intel, the company learned that the flaw had already been reported by an external Intel partner. The chip vendor tracks the issue as CVE-2019-0090 with a CVSS score of 7.1 (High) and disclosed it in an advisory last year together with a dozen other vulnerabilities.

Intel describes the flaw as an insufficient access control vulnerability in the subsystem for Intel CSME versions 11.x; Intel CSME version 12.0.35; Intel TXE versions 3.x and 4.x; Intel Server Platform Services versions 3.x, 4.x and SPS_E3_05.00.04.027.0, which “may allow an unauthenticated user to potentially enable escalation of privilege via physical access.”

To mitigate the issue, Intel released firmware patches that are distributed through BIOS updates from system manufacturers, but according to Positive Technologies the fix closes only one exploit vector. The researchers believe that more attack methods exist and that some of them do not require physical access.
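A practitioner's first question is usually whether a given machine is even running firmware from one of the families Intel listed. The following is an added triage helper, not code from Intel or Positive Technologies. It assumes the Linux mei driver's sysfs attribute /sys/class/mei/mei0/fw_ver, which prints one line per firmware component in the form "platform:major.minor.hotfix.build", and it uses only the version families named in the advisory text above (CSME 11.x, CSME 12.0.35, TXE and SPS 3.x/4.x); the sample input is constructed, not captured from a real system.

```python
"""Check a CSME/ME firmware version string against the families Intel
listed for CVE-2019-0090.

Added example (not Intel's or Positive Technologies' code). Assumes the
Linux mei driver sysfs format for /sys/class/mei/mei0/fw_ver:
"<platform>:<major>.<minor>.<hotfix>.<build>", one line per component.
"""
import re
from typing import List, Optional, Tuple

FW_VER_PATH = "/sys/class/mei/mei0/fw_ver"  # Linux mei driver sysfs attribute

Version = Tuple[int, int, int, int]  # (major, minor, hotfix, build)

# Constructed sample in the sysfs format; not captured from a real machine.
SAMPLE_FW_VER = "0:12.0.35.1427\n1:12.0.35.1427\n2:12.0.35.1427\n"

_LINE = re.compile(r"^(\d+):(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_fw_ver(text: str) -> List[Version]:
    """Parse fw_ver text into (major, minor, hotfix, build) tuples."""
    versions: List[Version] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unexpected fw_ver line: {line!r}")
        _platform, major, minor, hotfix, build = map(int, m.groups())
        versions.append((major, minor, hotfix, build))
    return versions


def affected_family(v: Version) -> Optional[str]:
    """Return the advisory family this version falls in, or None.

    Families are the ones named in the advisory text: CSME 11.x,
    CSME 12.0.35, TXE 3.x/4.x and SPS 3.x/4.x. The version string alone
    does not say whether a 3.x/4.x build is TXE or SPS, and the odd
    SPS_E3_05.00.04.027.0 build is not matched here, so None means
    "not in a listed family", not "unaffected".
    """
    major, minor, hotfix, _build = v
    if major == 11:
        return "Intel CSME 11.x"
    if (major, minor, hotfix) == (12, 0, 35):
        return "Intel CSME 12.0.35"
    if major in (3, 4):
        return f"Intel TXE or SPS {major}.x"
    return None


def triage(text: str) -> List[str]:
    """One report line per firmware component found in the fw_ver text."""
    report = []
    for v in parse_fw_ver(text):
        fam = affected_family(v)
        ver = ".".join(str(x) for x in v)
        report.append(f"{ver}: {fam or 'not in a listed family'}")
    return report


def read_local_fw_ver(path: str = FW_VER_PATH) -> Optional[str]:
    """Read the sysfs attribute on a Linux host; None if it is absent."""
    try:
        with open(path, encoding="ascii") as f:
            return f.read()
    except OSError:
        return None


if __name__ == "__main__":
    text = read_local_fw_ver() or SAMPLE_FW_VER
    for line in triage(text):
        print(line)
```

A version outside the listed families only tells you that the mitigating firmware is in place for the one vector Intel's patch covers; by the researchers' account the boot-ROM bug itself stays on the chip regardless of what the firmware version says.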

More importantly, the flaw itself cannot be patched, because it sits in the CSME boot ROM, which is programmed during manufacturing and cannot be changed afterwards. The CSME firmware that resides in SPI flash can be updated, but the early-stage boot code that loads that firmware, and in which the bug is located, is burned into the chip and is permanent.
