CVE-2020-0545

Name of the Vulnerable Software and Affected Versions: Intel CSME versions prior to 11.8.77 Intel CSME versions prior to 11.12.77 Intel CSME versions prior to 11.22.77 Intel TXE versions prior to 3.1.75 Intel TXE versions prior to 4.0.25 Intel Server Platform Services (SPS) versions prior to SPS E5 04.01.04.380.0 Intel Server Platform Services (SPS) versions prior to SPS SoC-X 04.00.04.128.0 Intel Server Platform Services (SPS) versions prior to SPS SoC-A 04.00.04.211.0 Intel Server Platform Services (SPS) versions prior to SPS E3 04.01.04.109.0 Intel Server Platform Services (SPS) versions prior to SPS E3 04.08.04.070.0

Description: The issue is related to an integer overflow in the subsystem for Intel Converged Security and Manageability Engine, Intel Server Platform Services, and Intel Trusted Execution Engine. This may allow a privileged user to potentially enable denial of service via local access.

Recommendations: For Intel CSME versions prior to 11.8.77, update to version 11.8.77 or later. For Intel CSME versions prior to 11.12.77, update to version 11.12.77 or later. For Intel CSME versions prior to 11.22.77, update to version 11.22.77 or later. For Intel TXE versions prior to 3.1.75, update to version 3.1.75 or later. For Intel TXE versions prior to 4.0.25, update to version 4.0.25 or later. For Intel Server Platform Services (SPS) versions prior to SPS E5 04.01.04.380.0, update to version SPS E5 04.01.04.380.0 or later. For Intel Server Platform Services (SPS) versions prior to SPS SoC-X 04.00.04.128.0, update to version SPS SoC-X 04.00.04.128.0 or later. For Intel Server Platform Services (SPS) versions prior to SPS SoC-A 04.00.04.211.0, update to version SPS SoC-A 04.00.04.211.0 or later. For Intel Server Platform Services (SPS) versions prior to SPS E3 04.01.04.109.0, update to version SPS E3 04.01.04.109.0 or later. For Intel Server Platform Services (SPS) versions prior to SPS E3 04.08.04.070.0, update to version SPS E3 04.08.04.070.0 or later.