VYPR
Unrated severity · NVD Advisory · Published Mar 14, 2019 · Updated Sep 16, 2024

CVE-2018-12189

Description

Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unhandled exception in Intel CSME/TXE Content Protection subsystem allows a privileged local attacker to modify data.

Vulnerability

An unhandled exception exists in the Content Protection subsystem of Intel Converged Security Management Engine (CSME) before versions 11.8.60, 11.11.60, 11.22.60, and 12.0.20, and Intel Trusted Execution Engine (TXE) before versions 3.1.60 and 4.0.10 [1]. The vulnerability arises when the subsystem fails to properly handle an exception, potentially leading to memory corruption. The affected code path is reachable by a user with local access and sufficient privileges to interact with the CSME or TXE interfaces.

Exploitation

To exploit this vulnerability, an attacker must have local access to the system and possess elevated privileges (e.g., root or administrator) to trigger the unhandled exception in the Content Protection subsystem [1]. The attacker would need to craft a specific input or operation that causes the exception, bypassing normal error handling. No user interaction beyond the attacker's own actions is required, and the attack does not depend on network access.

Impact

Successful exploitation allows the attacker to modify data within the CSME or TXE memory space [1]. This could lead to corruption of security-sensitive data, such as cryptographic keys or firmware configurations, potentially undermining the integrity of the platform's security features. The attacker gains the ability to alter data at the privilege level of the CSME/TXE, which is higher than the OS kernel.

Mitigation

Intel has released firmware updates to address this vulnerability: CSME versions 11.8.60, 11.11.60, 11.22.60, and 12.0.20, and TXE versions 3.1.60 and 4.0.10 [1]. These updates were made available on or before the advisory publication date of March 12, 2019. System administrators should apply the updates from their device manufacturer. No workaround is available for unpatched systems.

References
  1. INTEL-SA-00185

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (3)

  • Intel/TXE · llm-fuzzy
    Range: <4.0.10
  • Intel/CSME · llm-fuzzy
    Range: <12.0.20
  • Intel Corporation/Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology · v5
    Range: Multiple versions.
