Intel Vulnerabilities June 2020: What next?

9 June 2020 by UKFast

At 18:00 BST today, Intel® released information on five security advisories detailing ‘fixes or workarounds’ for the latest vulnerabilities found in Intel products.

UKFast’s team has digested this information to answer any questions you may have and to ensure we are in a strong position to mitigate any issues and help our customers.

What are the vulnerabilities?

Special Register Buffer Data Sampling Advisory (CVE-2020-0543) – identified within the SGX instructions of certain generations within the E3 range of CPUs allowing an attacker to potentially gain access to private keys generated by the SGX component.

Intel SSD Advisory (CVE-2020-0527) – vulnerability identified where some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.

Intel Innovation Engine Advisory (CVE-2020-8675) – may allow an unauthenticated user to potentially enable escalation of privileges via physical access.

Intel CSME, SPS, TXE, AMT and DAL Advisory (Various CVEs) – may allow escalation of privilege, denial of service or information disclosure.

BIOS Advisory (CVE-2020-0528, CVE-2020-0529) – may allow escalation of privilege and/or denial of service. 

Which vulnerabilities affect me?

Of the vulnerabilities listed above, only the Special Register Buffer Data Sampling Advisory (CVE-2020-0543) has the potential to affect UKFast customers.

Am I at risk?

While this is a potentially significant compromise, given the limitations presented by SGX in its current implementation it is not a widely used instruction set and is disabled in the bios by default, therefore we believe the risk to UKFast customers of this vulnerability being exploited is very low.

This vulnerability is similar to the previously disclosed transient execution vulnerabilities and does not impact many of Intel’s recent product releases, including the Intel® Xeon® Scalable Processor family.

How is UKFast mitigating Intel vulnerabilities?

UKFast received advanced notification of these vulnerabilities and our team is working incredibly closely with Intel and our other vendors to ensure that we are able to provide patching mitigation where necessary.

For further information about the security advisories please visit www.intel.com/security

Why do the other four vulnerabilities not affect UKFast customers?

• 1 IPU – Intel SSD Advisory (CVE-2020-0527) – UKFast does not operate affected SSD models in our data centres.
• Intel Innovation Engine Advisory (CVE-2020-8675) – UKFast does not operate this chipset in our data centres.
• Intel CSME, SPS, TXE, AMT and DAL Advisory (Various CVEs) – This is using Intel AMT using IPv6, and UKFast do not use this out of band management.
• 1 IPU – BIOS Advisory (CVE-2020-0528, CVE-2020-0529) – This affects solutions with 8th, 9th, 10th Generation Intel(R) Core(TM) Processor which UKFast do not currently have in use for customer solutions.