On November 10, 2020, Intel released information for security advisory INTEL-SA-00391. This information was released as part of Intel's regular product update process.
The security advisory discloses that potential security vulnerabilities in Intel® Converged Security and Manageability Engine (Intel® CSME), Intel® Server Platform Services (Intel® SPS), Intel® Trusted Execution Engine (Intel® TXE), Intel® Active Management Technology (Intel® AMT), Intel® Standard Manageability, and Intel® Dynamic Application Loader (Intel® DAL) may allow escalation of privilege, denial of service, or information disclosure.
Intel is releasing firmware and software updates to mitigate these potential vulnerabilities in:
Intel is not releasing updates to mitigate these potential vulnerabilities, and Intel has issued a Product Discontinuation Notice for the Intel® DAL SDK.
Refer to the public security advisory INTEL-SA-00391 for complete details on the Common Vulnerabilities and Exposures (CVEs) and Common Vulnerability Scoring System (CVSS) scores.
Additional information is available at our Security Blog.
Affected products
Intel® Converged Security and Management Engine (Intel® CSME), Intel® Active Management Technology (Intel® AMT), Intel® Standard Manageability:
Updated version | Replaces version | Component |
11.8.82 | 11.0 through 11.8.80 | Intel® Converged Security and Management Engine (Intel® CSME), Intel® AMT, Intel® Standard Manageability |
11.11.82 | 11.10 through 11.11.80 | Intel® CSME, Intel® AMT, Intel® Standard Manageability |
11.22.82 | 11.20 through 11.22.80 | Intel® CSME, Intel® AMT, Intel® Standard Manageability |
12.0.70 | 12.0 through 12.0.69 | Intel® CSME, Intel® AMT, Intel® Standard Manageability |
14.0.45 | 14.0.0 through 14.0.44 | Intel® CSME, Intel® AMT, Intel® Standard Manageability |
14.5.25 | 14.5.0 through 14.5.24 | Intel® CSME, Intel® AMT, Intel® Standard Manageability |
SPS_E5_04.04.04.400 | All previous SPS_E5_04 versions | Intel® Server Platform Services (Intel® SPS) |
SPS_SoC-X_04.00.04.200 | All previous SPS_SoC-X_04 versions | Intel® SPS |
SPS_SoC-A_04.00.04.300 | All previous SPS_SoC-A_04 versions | Intel® SPS |
SPS_E3_04.01.04.200 | All previous SPS_E3_04 versions | Intel® SPS |
SPS_E3_05.04.200 | All previous SPS_E3_05 versions | Intel® SPS |
3.1.80 | 3.1.0 through 3.1.79 | Intel® Trusted Execution Engine (Intel® TXE) |
4.0.30 | 4.0.0 through 4.0.29 | Intel® TXE |
Note | Intel® Manageability Engine (Intel® ME) 3.x through 10.x firmware versions are no longer supported. There are no new releases planned for these versions. |

Additional information on CVE-2020-8705 with systems running Intel® Converged Security and Management Engine (Intel® CSME) version 11.8.x, 11.12.x, or 11.22.x

CVE-2020-8705 only applies to systems with Intel® Boot Guard enabled by the system manufacturer. If your system has Intel Boot Guard enabled, the Intel CSME version 11.8.82.0, 11.12.82.0, or 11.22.82.0 (or later) is required for mitigation. If your system does not have Intel Boot Guard enabled, Intel CSME version 11.8.80, 11.12.80, or 11.22.80 (or later) is sufficient to mitigate the other vulnerabilities in SA-00391. Check with your system manufacturer to verify if Intel Boot Guard is enabled on your system. Use the Intel® Converged Security and Management Engine Version Detection Tool (Intel® CSMEVDT) to determine the CSME version installed on your system.
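The version table and the Intel Boot Guard rule for CVE-2020-8705 can be applied to a fleet inventory with a short script. The following is an added example, not Intel code: it covers only the Intel CSME rows (not Intel SPS or Intel TXE), and the function names, status labels, sample inventory, and the choice to treat an unknown Boot Guard state as enabled are assumptions of the example.

```python
# Added example: triage inventoried Intel CSME versions against this page's table.
# Rows copied from the "Affected products" table: (lowest replaced, updated version).
CSME_ROWS = [
    ((11, 0, 0), (11, 8, 82)),
    ((11, 10, 0), (11, 11, 82)),
    ((11, 20, 0), (11, 22, 82)),
    ((12, 0, 0), (12, 0, 70)),
    ((14, 0, 0), (14, 0, 45)),
    ((14, 5, 0), (14, 5, 25)),
]
# Branches named in the CVE-2020-8705 note, written there as 11.8.x, 11.12.x, 11.22.x.
BOOT_GUARD_NOTE_BRANCHES = {(11, 8), (11, 12), (11, 22)}


def parse_version(text):
    """'11.8.82.0' -> (11, 8, 82); the build field after the hotfix number is ignored."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.hotfix version: {text!r}")
    return tuple(int(p) for p in parts[:3])


def assess(version_text, boot_guard=None):
    """Classify one CSME version. boot_guard: True, False, or None when unknown.

    Assumption of this example: an unknown Boot Guard state is treated as enabled.
    """
    v = parse_version(version_text)
    if 3 <= v[0] <= 10:
        return "unsupported"  # Intel ME 3.x through 10.x: no new releases planned
    if v[:2] in BOOT_GUARD_NOTE_BRANCHES:
        if v[2] >= 82:
            return "updated"
        if v[2] >= 80 and boot_guard is False:
            return "sufficient-no-boot-guard"  # CVE-2020-8705 needs Boot Guard enabled
        return "update-required"
    for low, fixed in CSME_ROWS:
        if low <= v and v[:2] <= fixed[:2]:
            return "updated" if v >= fixed else "update-required"
    return "not-listed"  # branch does not appear in this page's table


if __name__ == "__main__":
    # Constructed inventory: (host, CSME version, Boot Guard state)
    for host, ver, bg in [("ws-01", "11.8.80.3746", False), ("ws-02", "11.8.80.3746", True),
                          ("nb-07", "14.0.44.1234", None), ("old-3", "9.1.45.3000", None)]:
        print(f"{host:6} {ver:14} boot_guard={bg!s:5} -> {assess(ver, bg)}")
```

A `not-listed` result means the branch is outside the table on this page; check the public security advisory INTEL-SA-00391 for it.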
Recommendations
Contact your system or motherboard manufacturer to obtain a firmware or BIOS update that addresses this vulnerability. Intel cannot provide updates for systems or motherboards from other manufacturers.
Frequently Asked Questions
If you have additional questions on this issue, contact Intel Customer Support.