CVE-2019-11087

Name of the Vulnerable Software and Affected Versions Intel(R) CSME versions prior to 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10, and 14.0.10 Intel(R) TXE versions prior to 3.1.70 and 4.0.20

Description The issue is related to insufficient input validation in the Intel(R) CSME and Intel(R) TXE subsystems, which may allow a privileged user to potentially enable escalation of privilege, information disclosure, or denial of service via local access. This could lead to the disclosure of protected information, privilege escalation, or service disruption.

Recommendations For Intel(R) CSME versions prior to 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10, and 14.0.10, update to version 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10, or 14.0.10, respectively. For Intel(R) TXE versions prior to 3.1.70 and 4.0.20, update to version 3.1.70 or 4.0.20, respectively. As a temporary workaround, consider restricting local access to the subsystems until a patch is applied.