K13710800 : Intel CSME and SPS vulnerability CVE-2019-0093

Security Advisory Description

Insufficient data sanitization vulnerability in HECI subsystem for Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel® SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access. (CVE-2019-0093)

Impact

This vulnerability with Converged Security and Management Engine (CSME) and Server Platform Services (SPS) may allow a locally authenticated user to disclose information.