
Researchers Find Unfixable Vulnerability Inside Intel CPUs

AleksandarK

News Editor
Staff member
Joined
Aug 19, 2017
Messages
2,591 (0.97/day)
Researchers have found another vulnerability inside Intel's Converged Security and Management Engine (CSME). For starters, the CSME is a tiny CPU within a CPU that has access to the whole data throughput and is dedicated to the security of the whole SoC. The CSME system is a kind of black box, given that Intel is protecting its documentation so it can stop its copying by other vendors; however, researchers have discovered a flaw in the design of CSME and are now able to exploit millions of systems based on Intel CPUs manufactured in the last five years.

Discovered by Positive Technologies, the flaw lies inside the Read-Only Memory (ROM) of the CSME. Given that the Mask ROM is hardcoded in the CPU, the exploit cannot be fixed by a simple firmware update. The researchers from Positive Technologies describe it as such: "Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over the reading of the Chipset Key and generation of all other encryption keys. One of these keys is for the Integrity Control Value Blob (ICVB). With this key, attackers can forge the code of any Intel CSME firmware module in a way that authenticity checks cannot detect. This is functionally equivalent to a breach of the private key for the Intel CSME firmware digital signature, but limited to a specific platform."



Every CPU manufactured in the last 5 years is subject to exploit, except the latest 10th generation, Ice Point-based chipsets and SoCs. The only solution for owners of prior generation CPUs is to upgrade to the latest platform, as a simple firmware update cannot resolve this. The good thing, however, is that to exploit a system, an attacker must have physical access to the hardware in question, as remote exploitation is not possible.

 
Joined
Apr 1, 2017
Messages
420 (0.15/day)
pretty funny when the reaction to yet another vulnerability from people is the equivalent of yawning
indicative of just how much intel fucked up lol
 
Joined
Oct 15, 2019
Messages
585 (0.31/day)
physical access to the hardware is required, so here is an idea.... lock the server room door... (Best firmware update)
The article is not correct in this regard. Local access should be enough, as in able to execute some code with raised privileges. So you are safe if you never execute 3rd party code. Time to disable that javascript from your browser.
 
Joined
Oct 18, 2013
Messages
6,190 (1.53/day)
Location
Over here, right where you least expect me to be !
Hummm...wondering just how long intel has known about this.....probably for quite some time, based on the chip timeline noted in the article ..:mad::mad::mad:

time to lawyer up & get ready for yet anutha giga-mega $$$ hooplahfest against them...
 
Joined
Mar 7, 2010
Messages
989 (0.18/day)
Location
Michigan
OOPS. Sad days @ Intel!
 
Joined
Jun 11, 2008
Messages
576 (0.10/day)
So... what would be the icon for such vulnerability?
we already got these:
zombieload-name.png

This is important. We need an icon. Period.
 
Joined
Dec 16, 2017
Messages
2,918 (1.15/day)
Joined
Sep 6, 2013
Messages
3,333 (0.81/day)
Location
Athens, Greece

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
13,995 (2.34/day)
Location
Louisiana
So, much ado about nothing, since physical access is required.

Time to disable that javascript from your browser
Is anyone still using that?
 
Joined
Dec 28, 2012
Messages
3,884 (0.89/day)
The article is not correct in this regard. Local access should be enough, as in able to execute some code with raised privileges. So you are safe if you never execute 3rd party code. Time to disable that javascript from your browser.
Source?

Also, if you are going there, there are tons of other things you can do with raised local privileges. An exploit allowing remote execution of elevated privileges is far worse than this "requires local access" attack is. For general users, the risk is still "0".
 
Joined
Oct 15, 2019
Messages
585 (0.31/day)
So, much ado about nothing, since physical access is required.


Is anyone still using that?
Read the original article. Physical access is not required. The first proof of concept needed it, but they think that it is possible to work around that limitation.

Source?

Also, if you are going there, there are tons of other things you can do with raised local privileges. An exploit allowing remote execution of elevated privileges is far worse than this "requires local access" attack is. For general users, the risk is still "0".
Lots of things yes, but things that are virtually undetectable by any means less so.
Also one can argue that the risk is ”0” for almost any and all exploits, as you don’t have anything valuable on your computer anyway.
 
Joined
Jan 8, 2020
Messages
834 (0.47/day)
Location
Maryland, USA
Another day, another Intel security flaw :rolleyes:

Just curious, what would an exploit of this nature allow someone to do?
 
Joined
Jul 5, 2013
Messages
27,829 (6.68/day)
I said this in the other thread about this new one and I'll echo it here;
Mitigation is the same as any of the rest of the vulnerabilities relating to Intel ME: disable the hardware, uninstall any related drivers and software and use a network device not wired (built-on) to the motherboard itself. These steps will completely mitigate the vulnerabilities relating to this new discovery.
This of course is a recommendation for general users at home or professional/business users who have no need of the functions IME provides.
Just curious, what would an exploit of this nature allow someone to do?
Complete access and control of the system in question.
 

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
13,995 (2.34/day)
Location
Louisiana
I said this in the other thread about this new one and I'll echo it here;

This of course is a recommendation for general users at home or professional/business users who have no need of the functions IME provides.

Complete access and control of the system in question.
So, an add-in NIC card would mitigate it, since it is not built on the motherboard? Or did I misunderstand you?
 
Joined
Oct 19, 2007
Messages
8,259 (1.32/day)
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
This is actually incredibly useful for those desiring to overwrite the Intel ME with their own firmware.

If only I had the time...
 
Joined
Aug 17, 2017
Messages
274 (0.10/day)
1: "except the latest 10th generation, Ice Point-based chipsets and SoCs."

2: "remote exploitation is not possible."

that is all that matters to me. doubtful old amd platforms are much better.
 