Intel CPUs hit with unfixable hardware vulnerability

A vulnerability that's 'impossible' to fix?

Researchers at Positive Technologies have discovered a seemingly unfixable vulnerability in Intel processors, one that sits in the boot ROM of the Intel Converged Security and Management Engine (CSME).

This is bad news, very bad news, as it impacts practically all Intel chipsets and SoCs available today, aside from Intel's 10th Generation "Ice Point" chips. This means that practically all of Intel's consumer-grade processors are impacted, and according to Positive Technologies, "it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets."

Positive Technologies is worried that this vulnerability will destroy all trust in Intel's security platform. The Intel CSME "is the cryptographic basis for hardware security technologies developed by Intel and used everywhere, such as DRM, fTPM, and Intel Identity Protection." With this in mind, a vulnerability here has the potential to destroy Intel's security ecosystem and leave millions of PCs open to exploitation.

The good news for Intel is that this vulnerability is difficult to exploit, and Intel can potentially close down many of the vulnerability's attack vectors. Positive Technologies believes that there are several ways to exploit this in-ROM vulnerability, some of them requiring local access and others requiring physical access.

Below are a few details that Positive Technologies has released about Intel's CSME boot ROM vulnerability. More details will be made available with a "full-length white paper which will be published soon."

1. The vulnerability is present in both hardware and the firmware of the boot ROM. Most of the IOMMU mechanisms of MISA (Minute IA System Agent) providing access to SRAM (static memory) of Intel CSME for external DMA agents are disabled by default. We discovered this mistake by simply reading the documentation, as unimpressive as that may sound.
2. Intel CSME firmware in the boot ROM first initializes the page directory and starts page translation. IOMMU activates only later. Therefore, there is a period when SRAM is susceptible to external DMA writes (from DMA to CSME, not to the processor main memory), and initialized page tables for Intel CSME are already in the SRAM.
3. MISA IOMMU parameters are reset when Intel CSME is reset. After Intel CSME is reset, it again starts execution with the boot ROM.
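
The ordering described in the three points above, modelled as an added example (not Positive Technologies' or Intel's code): a checker that scans a boot-event trace for spans where page tables are already in SRAM while the IOMMU is still off. The event names and both traces are constructed for illustration and are not CSME identifiers.

```python
from dataclasses import dataclass

@dataclass
class Window:
    start: int  # index of the event that left page tables unprotected in SRAM
    end: int    # index of the event that closed the window (len(trace) if never)
    boot: int   # boot ROM pass: 0 = first boot, 1 = after the first reset, ...

def exposure_windows(trace):
    """Return each span where page tables sit in SRAM with DMA protection off."""
    iommu_on = False        # point 1: protection is disabled by default
    tables_in_sram = False
    boot, open_at, windows = 0, None, []
    for i, event in enumerate(trace):
        if event == "RESET":
            # Point 3: a reset clears the IOMMU parameters and re-enters the boot ROM.
            if open_at is not None:
                windows.append(Window(open_at, i, boot))
                open_at = None
            iommu_on, tables_in_sram = False, False
            boot += 1
        elif event == "PAGE_TABLES_INIT":
            tables_in_sram = True   # point 2: page directory set up first
        elif event == "IOMMU_ENABLE":
            iommu_on = True         # point 2: "IOMMU activates only later"
        # Any other event name is ignored by this model.
        exposed = tables_in_sram and not iommu_on
        if exposed and open_at is None:
            open_at = i
        elif not exposed and open_at is not None:
            windows.append(Window(open_at, i, boot))
            open_at = None
    if open_at is not None:
        windows.append(Window(open_at, len(trace), boot))
    return windows

# Constructed trace following the order in the quoted description.
AS_DESCRIBED = ["PAGE_TABLES_INIT", "IOMMU_ENABLE", "RESET",
                "PAGE_TABLES_INIT", "IOMMU_ENABLE"]
# Hypothetical ordering that satisfies the invariant (protection before state).
PROTECT_FIRST = ["IOMMU_ENABLE", "PAGE_TABLES_INIT", "RESET",
                 "IOMMU_ENABLE", "PAGE_TABLES_INIT"]

if __name__ == "__main__":
    for name, trace in (("as described", AS_DESCRIBED), ("protect first", PROTECT_FIRST)):
        print(name, exposure_windows(trace))
```

The second window in the first trace is the consequence of point 3: because the order is fixed in ROM, every reset reopens the same gap.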

Right now, it looks like this vulnerability cannot be exploited remotely, which limits the impact of the flaw. Even so, a vulnerability within this sector of Intel's security ecosystem is a hugely damaging revelation.

Intel's security is relied upon by millions of PC users, and chinks in that chain of trust have become all too apparent in recent years. Rarely a month goes by without hearing about a new exploit for Intel processors, a factor that's slowly eroding trust in Intel as a whole. As competition heats up within the CPU market, Intel will need to rebuild trust in its security mechanisms or lose customers to its rivals. 

You can join the discussion on Intel's unfixable vulnerability on the OC3D Forums

Most Recent Comments

06-03-2020, 11:37:19

Yeah this looks like something that's of little concern to average users but will be a huge consideration for more likely victims of large sophisticated attacks, I'm sure Intel are already working with banks, businesses, state infrastructure, etc. to attempt to find ways to mitigate this but it would definitely be anxiety inducing for both parties (and indeed some may just replace the hardware with an alternative instead if they can).

06-03-2020, 14:00:04

Things going from bad to worse for team blue

06-03-2020, 14:19:58

With all these vulnerabilities in Intel CPUs and cumulative patches, it won't be long before they run like 486 SX 25
