Intel Consumer-Grade CPUs Unfixable Hardware-Level Security Vulnerability Discovered But It Is Difficult To Exploit

Intel CPUs have a newly discovered security vulnerability embedded deep within the hardware. The security flaw appears to be unfixable, and reportedly affects nearly all of Intel’s consumer-grade CPUs, making it one of the largest and most impacting security vulnerabilities of processors.

A newly discovered security vulnerability is at the core of Intel’s ROM of the Intel Converged Security and Management Engine (CSME). Researchers at the Positive Technologies claim to have found the security flaw that appears to be near unfixable by security patches. However, it is also important to note that Intel can block the majority of pathways that can be used to exploit the security flaw. Moreover, the vulnerability is rather complex to exploit, requiring local or physical access to computers running on Intel CPUs.

New Security Vulnerability In Intel CPUs Is Present In Both Hardware And The Firmware Of The Boot ROM:

The newly discovered security flaw lies within the core of Intel’s ROM of the Intel Converged Security and Management Engine (CSME). The Intel CSME forms the basis of the cryptographic core for hardware security technologies developed by Intel and used everywhere. In other words, multiple encrypted platforms such as DRM, fTPM, and Intel Identity Protection can be exploited.

Positive Technologies claims “it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets.” The security research company has offered the below information about the new security vulnerability within Intel CPUs:

  1. The vulnerability is present in both hardware and the firmware of the boot ROM. Most of the IOMMU mechanisms of MISA (Minute IA System Agent) providing access to SRAM (static memory) of Intel CSME for external DMA agents are disabled by default. We discovered this mistake by simply reading the documentation, as unimpressive as that may sound.

 

  1. Intel CSME firmware in the boot ROM first initializes the page directory and starts page translation. IOMMU activates only later. Therefore, there is a period when SRAM is susceptible to external DMA writes (from DMA to CSME, not to the processor main memory), and initialized page tables for Intel CSME are already in the SRAM.

 

  1. MISA IOMMU parameters are reset when Intel CSME is reset. After Intel CSME is reset, it again starts execution with the boot ROM.

Should PC Buyers And Owners Of Computers Running On Intel CPUs Be Concerned About The New ‘Unfixable’ Security Vulnerability?

The newly discovered security vulnerability impacts practically all Intel chipsets ant SoCs available today. Only Intel’s 10th Generation “Ice Point” chips appear to be immune. This means that nearly all of Intel’s consumer-grade processors have the new security flaw.

However, it is important to note that this vulnerability is difficult to exploit. Moreover, Intel can potentially close down many of the vulnerability’s attack vectors. In other words, there are several ways in which attackers can attempt to exploit the flaw in Intel CPUs. But the majority of the attacks will require either a local network or even physical access to the computer running on Intel CPU.

Simply put, the newly discovered flaw cannot be exploited remotely. This significantly limits the impact of the same. This also means the majority of individual computer owners and users who rely on Intel CPUs need not be concerned.

It is the corporations that rely on heavy encryption and security, like banks, content management companies, personal information businesses, and state infrastructure, among others that would have to work with Intel to address the flaw. Quite a few security vulnerabilities have been discovered in Intel CPUs in the past year alone. Meanwhile, AMD, the primary competition to Intel, has a growing reputation of producing highly secure processors and chips that remain immune to hardware-level vulnerabilities.

Alap Naik Desai
A B.Tech Plastics (UDCT) and a Windows enthusiast. Optimizing the OS, exploring software, searching and deploying solutions to strange and weird issues is Alap's main interest.