CVE-2020-8744

Name of the Vulnerable Software and Affected Versions: Intel CSME versions prior to 12.0.70 Intel CSME versions prior to 13.0.40 Intel CSME versions prior to 13.30.10 Intel CSME versions prior to 14.0.45 Intel CSME versions prior to 14.5.25 Intel TXE versions prior to 4.0.30 Intel SPS versions prior to E3 05.01.04.200

Description: The issue is related to improper initialization in a subsystem, which may allow a privileged user to potentially enable escalation of privilege via local access. This is due to insufficient access control in the Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS).

Recommendations: For Intel CSME versions prior to 12.0.70, update to version 12.0.70 or later. For Intel CSME versions prior to 13.0.40, update to version 13.0.40 or later. For Intel CSME versions prior to 13.30.10, update to version 13.30.10 or later. For Intel CSME versions prior to 14.0.45, update to version 14.0.45 or later. For Intel CSME versions prior to 14.5.25, update to version 14.5.25 or later. For Intel TXE versions prior to 4.0.30, update to version 4.0.30 or later. For Intel SPS versions prior to E3 05.01.04.200, update to version E3 05.01.04.200 or later.