2019.2 IPU – Intel® Processor Graphics SMM Advisory

Summary:

A potential security vulnerability in System Management Mode (SMM) with Intel® Processor Graphics may allow information disclosure.** **Intel is releasing guidance to SMM developers to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2019-0185

Description: Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel® Core™ Processor families; Intel® Xeon® Processor E3-1500 v5 and v6 families; Intel® Xeon® E-2100 and E-2200 Processor families with Intel® Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products:

• 6th Generation Intel® Core™ Processors
• 7th Generation Intel® Core™ Processors
• 8th Generation Intel® Core™ Processors
• 9th Generation Intel® Core™ Processors
• Intel® Xeon® Processor E3-1500 v5 and v6 Processors
• Intel® Xeon® E-2100 and E-2200 Processors

Recommendations:

Intel recommends that users of the affected products** **update to the latest BIOS version provided by the system manufacturer that addresses this issue.

Acknowledgements:

This issue was found internally by Intel. Intel would like to thank Artem Shishkin, Bill Wager, Edgar Barbosa, Gabriel Negreira Barbosa, Gustavo de Castro Scotti, Jeffrey S Frizzell, Kekai Hu, Rodrigo Axel Monroy, Willem Pinckaers and Rodrigo Rubira Branco (BSDaemon).

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.