Pierluigi Paganini March 07, 2020

A new vulnerability, tracked as CVE-2019-0090, affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology.

Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years. The flaw is currently defined as unpatchable and could be exploited by attackers to bypass hardware-enabled security technology.

The CVE-2019-0090 vulnerability affects the firmware running on the ROM of the Intel’s Converged Security and Management Engine (CSME). Experts explain that the only way to address the issue it to replace the vulnerable chips.

“Positive Technologies specialists have discovered an error in Intel hardware, as well as an error in Intel CSME firmware at the very early stages of the subsystem’s operation, in its boot ROM. Intel CSME is responsible for initial authentication of Intel-based systems by loading and verifying all other firmware for modern platforms.” reads the advisory published by the experts. “For instance, Intel CSME interacts with CPU microcode to authenticate UEFI BIOS firmware using BootGuard. Intel CSME also loads and verifies the firmware of the Power Management Controller responsible for supplying power to Intel chipset components.”

Intel CSME is the cryptographic basis for hardware-enabled security technology developed by Intel that implements an enclave protected from the host opening system running on the CPU.

The flaw could be exploited by attackers to extract the Chipset Key, which is a sort of master cryptographic key that can grant an attacker access to feature on a device, and manipulating part of the hardware key and the process of its generation. 

Access to the Chipset Key could allow attackers to decrypt traffic and other sensitive data, and to bypass DRM protections.

“Intel’s security is designed so that even arbitrary code execution in any Intel CSME firmware module would not jeopardize the root cryptographic key (Chipset Key),” the experts said. “Unfortunately, no security system is perfect. Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys.”

Intel attempted to address the flaw, but security patches it has made available are incomplete and could not defend systems from sophisticated attacks.

The vulnerability in the Intel CSME firmware could be exploited by a local attacker at early booting.

“The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets,” continues the researchers.

“The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

The CVE-2019-0090 vulnerability affects Intel CSME versions 11.x, Intel CSME version 12.0.35, Intel TXE versions 3.x, 4.x, and Intel Server Platform Services versions 3.x, 4.x, SPS_E3_05.00.04.027.0.

Only Intel 10th generation processors, Ice Point chipsets and SoCs, are not affected by the flaw.

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2019-0090)

[adrotate banner=”5″]

[adrotate banner=”13″]