Power Management Controller (PMC) Security Advisory

Summary: A potential security vulnerability in power management controller firmware may allow escalation of privilege and/ or information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details CVEID: CVE-2018-3643 Description: A vulnerabili...

CVE-2018-3643

A vulnerability in Power Management Controller firmware in systems using specific IntelR Converged Security and Management Engine CSME before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or IntelR Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative...

CVE-2018-3643

A vulnerability in Power Management Controller firmware in systems using specific IntelR Converged Security and Management Engine CSME before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or IntelR Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative...

Design/Logic Flaw

Existing UEFI setting restrictions for DCI Direct Connect Interface in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces...

CVE-2018-3652

CVE-2018-3652 relates to UEFI DCI (Direct Connect Interface) restrictions on 5th/6th gen Intel Xeon E3, Xeon Scalable, and Xeon D processors. The issue could allow a limited physical presence attacker to access platform secrets via debug interfaces when DCI policy/UEFI controls are in effect. The...