Intel® 2G Firmware Update for Modems using ETWS

Summary:

Buffer overflow in ETWS processing module Intel® XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network.

Description:

In late February 2018, external security researchers identified and disclosed to Intel a security vulnerability affecting Intel® 2G Modem firmware. The vulnerability affects Intel® 2G Modem products where the Earthquake Tsunami Warning System (ETWS) feature is enabled in Modem firmware. Devices equipped with an affected modem, when connected to a rogue 2G base station where non-compliant 3GPP software may be operational, are potentially at risk.

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L - Score: 8.2 (High)

Affected products:

Affected Intel® 2G Modem firmware products are:

• Intel® XMM71xx
• Intel® XMM72xx
• Intel® XMM73xx
• Intel® XMM74xx
• Sofia 3G
• Sofia 3G-R
• Sofia 3G-R W

Recommendations:

Intel is making firmware updates available to device manufacturers that protect systems from this vulnerability. End users should check with their device manufacturers and apply any available updates as soon as practical.

Acknowledgements:

Intel would like to thank Dr. Ralph Phillip Weinmann and Dr. Nico Golde from Comsecuris for reporting CVE-2018-3624.