CVE-2020-0539

Name of the Vulnerable Software and Affected Versions: Intel(R) CSME versions prior to 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 Intel(R) TXE versions prior to 3.1.75, 4.0.25

Description: The issue is related to a path traversal vulnerability in the Intel Dynamic Application Loader (DAL) subsystem for Intel Converged Security and Manageability Engine (CSME) and Intel Trusted Execution Engine (TXE) software. This vulnerability may allow an unprivileged user to potentially enable denial of service via local access. The vulnerability is caused by incorrect restriction of access to a directory with limited access.

Recommendations: For Intel(R) CSME versions prior to 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33, update to version 11.8.77 or later, 11.12.77 or later, 11.22.77 or later, 12.0.64 or later, 13.0.32 or later, 14.0.33 or later. For Intel(R) TXE versions prior to 3.1.75, 4.0.25, update to version 3.1.75 or later, 4.0.25 or later. As a temporary workaround, consider restricting access to the vulnerable subsystem until a patch is available.