[nexa] CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Giacomo Tesio giacomo at tesio.it
Mon Mar 9 18:01:22 CET 2020


A new vulnerability, tracked as CVE-2019-0090, affects Intel chips
released in the last five years and could allow attackers to bypass
hardware-enabled security technology.

Security experts from Positive Technologies warn of a new
vulnerability, tracked as CVE-2019-0090, that affects all Intel
processors released in the past five years. The flaw is described as
unpatchable and could be exploited by attackers to bypass
hardware-enabled security technology.

The CVE-2019-0090 vulnerability affects the firmware stored in the boot
ROM of Intel's Converged Security and Management Engine (CSME). Because
code in mask ROM cannot be rewritten by a firmware update, the experts
explain that the only way to fully address the issue is to replace the
vulnerable chips.

“Positive Technologies specialists have discovered an error in Intel
hardware, as well as an error in Intel CSME firmware at the very early
stages of the subsystem’s operation, in its boot ROM. Intel CSME is
responsible for initial authentication of Intel-based systems by
loading and verifying all other firmware for modern platforms.” reads
the advisory published by the experts. “For instance, Intel CSME
interacts with CPU microcode to authenticate UEFI BIOS firmware using
BootGuard. Intel CSME also loads and verifies the firmware of the
Power Management Controller responsible for supplying power to Intel
chipset components.”

Intel CSME is the cryptographic basis for Intel's hardware-enabled
security technologies. It runs on a dedicated microcontroller inside the
chipset, isolated from the host operating system running on the main
CPU, and acts as the platform's root of trust.

The flaw could be exploited by attackers to extract the Chipset Key, a
root cryptographic key from which the platform's other keys are derived
and which therefore unlocks the security features of a device, and to
manipulate part of the hardware key and the process by which it is
generated.

Access to the Chipset Key could allow attackers to decrypt traffic and
other sensitive data, and to bypass DRM protections.

“Intel’s security is designed so that even arbitrary code execution in
any Intel CSME firmware module would not jeopardize the root
cryptographic key (Chipset Key),” the experts said. “Unfortunately, no
security system is perfect. Like all security architectures, Intel’s
had a weakness: the boot ROM, in this case. An early-stage
vulnerability in ROM enables control over reading of the Chipset Key
and generation of all other encryption keys.”
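The quoted passage describes a key hierarchy: one root (the Chipset Key) from which every other platform key is derived, so that compromising a single firmware module yields only that module's key, while reading the root from ROM yields everything. The following toy model, added here as an illustration and not Intel's code or a description of CSME internals, makes that difference concrete. The module labels, the HMAC-based "sealing" and the root key value are all constructed assumptions for the example.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = 32  # SHA-256 output length


def derive(parent: bytes, label: bytes) -> bytes:
    """One-way derivation: child = HMAC-SHA256(parent, label).
    A child key reveals neither its parent nor any sibling key."""
    return hmac.new(parent, label, hashlib.sha256).digest()


def seal(key: bytes, data: bytes) -> bytes:
    """Toy 'sealing' (assumption, not the platform's real scheme): append an
    HMAC tag so only the holder of `key` can produce a blob that unseals."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the data if the tag verifies under `key`, otherwise None."""
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return data if hmac.compare_digest(expected, tag) else None


# Constructed root key standing in for the Chipset Key. On real hardware the
# root sits in fuses and is meant to be read only by boot ROM, never by the
# firmware modules loaded later.
CHIPSET_KEY = hashlib.sha256(b"constructed example root key, not a real value").digest()

# Hypothetical per-module labels; each module only ever sees its own derived key.
MODULE_LABELS = (b"module:storage", b"module:drm", b"module:attestation")


def module_key(label: bytes) -> bytes:
    """The key a given firmware module is handed at boot."""
    return derive(CHIPSET_KEY, label)


def platform_seal(label: bytes, data: bytes) -> bytes:
    """Normal operation: seal data under the derived key of one module."""
    return seal(module_key(label), data)


def attack_with_module_key(owned_label: bytes, target_label: bytes, blob: bytes) -> Optional[bytes]:
    """Model of arbitrary code execution inside ONE firmware module: the attacker
    holds that module's derived key only. Derivation is one-way, so the best
    available move is to treat the owned key as a parent, which produces the
    wrong sibling key and the blob does not unseal."""
    owned_key = module_key(owned_label)  # all the compromised module can read
    wrong_guess = derive(owned_key, target_label)
    return unseal(wrong_guess, blob)


def attack_with_root(leaked_root: bytes, target_label: bytes, blob: bytes) -> Optional[bytes]:
    """Model of the ROM-level compromise: with the root itself, every derived
    key can be recomputed and every sealed blob on the platform opened."""
    return unseal(derive(leaked_root, target_label), blob)


def demo() -> dict:
    """Run the three scenarios against one constructed sealed blob."""
    secret = b"content key for a DRM-protected title (constructed)"
    blob = platform_seal(b"module:drm", secret)
    return {
        "legit": unseal(module_key(b"module:drm"), blob),
        "module_compromise": attack_with_module_key(b"module:storage", b"module:drm", blob),
        "root_compromise": attack_with_root(CHIPSET_KEY, b"module:drm", blob),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario}: {'recovered' if result else 'blocked'}")
```

The point of the model is the asymmetry: `attack_with_module_key` fails because HMAC-based derivation cannot be run backwards or sideways, while `attack_with_root` succeeds for every label, which is why a root key exposed by unpatchable ROM code cannot be contained by fixing the modules above it.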

Intel has released firmware updates for the flaw, but because the
vulnerable code is in ROM they can only mitigate it: the experts say the
patches are incomplete and cannot defend systems against sophisticated
attacks.

The vulnerability in the Intel CSME firmware can be exploited by a local
attacker during the early stages of the boot process.

“The problem is not only that it is impossible to fix firmware errors
that are hard-coded in the Mask ROM of microprocessors and chipsets,”
the researchers continue.

“The larger worry is that, because this vulnerability allows a
compromise at the hardware level, it destroys the chain of trust for
the platform as a whole.”

The CVE-2019-0090 vulnerability affects Intel CSME versions 11.x,
Intel CSME version 12.0.35, Intel TXE versions 3.x, 4.x, and Intel
Server Platform Services versions 3.x, 4.x, SPS_E3_05.

Only Intel's 10th-generation platforms (Ice Lake processors with Ice
Point chipsets and SoCs) are not affected by the flaw.
