Intel® Platform Trust Technology (PTT) Update Advisory

Summary:

A potential vulnerability in the Intel® PTT module in Intel® CSME firmware and Intel® TXE firmware may allow information disclosure. Intel is releasing Intel® CSME firmware and Intel® TXE firmware updates to mitigate this potential vulnerability.

Vulnerability Details

CVEID:** **CVE-2018-3659

Description: A vulnerability in Intel® PTT module in Intel® CSME firmware before version 12.0.5 and Intel® TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.

CVSS Base Score:** **6.8 Medium

CVSS Vector:** **CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

Intel® CSME:

Updated Intel® CSME Firmware version

|

Replaces Intel® CSME Firmware version

12.0.6

|

12.0 through 12.0.5

Intel® Trusted Execution Engine (TXE)

Updated TXE Firmware version

|

Replaces TXE Firmware version

3.1.55

|

3.0 through 3.1.50

4.0.5

|

4.0.0

Recommendations:

Intel recommends that users of Intel® CSME and Intel® Trusted Execution Engine (TXE) update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements:

This issue was found internally by Intel.