Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology and Dynamic Application Loader Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-27716

Potential Impact: Privilege escalation, denial of service, information disclosure

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2019-0131, CVE-2019-0165, CVE-2019-0166, CVE-2019-0168, CVE-2019-0169, CVE-2019-11086, CVE-2019-11087, CVE-2019-11088, CVE-2019-11090, CVE-2019-11097, CVE-2019-11100, CVE-2019-11101, CVE-2019-11102, CVE-2019-11103, CVE-2019-11104, CVE-2019-11105, CVE-2019-11106, CVE-2019-11107, CVE-2019-11108, CVE-2019-11109, CVE-2019-11110, CVE-2019-11131, CVE-2019-11132, CVE-2019-11147

Summary Description:

Potential security vulnerabilities in Intel Converged Security and Manageability Engine (Intel CSME), Server Platform Services, Intel Trusted Execution Engine (Intel TXE), Intel Active Management Technology (Intel AMT), and Intel Dynamic Application Loader (Intel DAL) may allow escalation of privilege, denial of service or information disclosure.

Mitigation Strategy for Customers (what you should do to protect yourself):

Intel recommends updating Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology, and Dynamic Application Loader to the version (or newer) of firmware and software indicated for your model in the Product Impact section below.

Product Impact: