At 18:00 BST today, Intel® released information on five security advisories detailing ‘fixes or workarounds’ for the latest vulnerabilities found in Intel products.
UKFast’s team has digested this information to answer any questions you may have and to ensure we are in a strong position to mitigate any issues and help our customers.
Special Register Buffer Data Sampling Advisory (CVE-2020-0543) – identified within the SGX instructions of certain generations of the E3 range of CPUs, allowing an attacker to potentially gain access to private keys generated by the SGX component.
Intel SSD Advisory (CVE-2020-0527) – a vulnerability where some Intel® Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.
Intel Innovation Engine Advisory (CVE-2020-8675) – may allow an unauthenticated user to potentially enable escalation of privileges via physical access.
Intel CSME, SPS, TXE, AMT and DAL Advisory (Various CVEs) – may allow escalation of privilege, denial of service or information disclosure.
BIOS Advisory (CVE-2020-0528, CVE-2020-0529) – may allow escalation of privilege and/or denial of service.
Of the vulnerabilities listed above, only the Special Register Buffer Data Sampling Advisory (CVE-2020-0543) has the potential to affect UKFast customers.
While this is a potentially significant compromise, SGX is not a widely used instruction set, given the limitations of its current implementation, and it is disabled in the BIOS by default. We therefore believe the risk to UKFast customers of this vulnerability being exploited is very low.
This vulnerability is similar to the previously disclosed transient execution vulnerabilities and does not impact many of Intel’s recent product releases, including the Intel® Xeon® Scalable Processor family.
UKFast received advance notification of these vulnerabilities and our team is working incredibly closely with Intel and our other vendors to ensure that we are able to provide patching mitigation where necessary.
For further information about the security advisories, please visit www.intel.com/security.