2020.1 INTEL PLATFORM UPDATE (IPU)
Intel 2020.1 IPU covering Intel® CSME, SPS, TXE, AMT & DAL updates, Intel® Firmware (BIOS) updates, Intel® Processor Microcode (MCU) updates and Intel® SSD updates
Fujitsu Communication
Original release: June 11, 2020
Advisory Description
INTEL-SA-00295: 2020.1 IPU – Intel® CSME, SPS, TXE, AMT & DAL Advisory
Multiple potential security vulnerabilities in Intel® Converged Security and Management Engine (Intel® CSME), Server Platform Services (Intel® SPS), Trusted Execution Engine (Intel® TXE), Intel® Active Management Technology (Intel® AMT) and Intel® Dynamic Application Loader (Intel® DAL) may allow a denial of service, information disclosure or an escalation of privilege. The detailed description of the vulnerabilities with at least a high or critical CVSS base score is as follows:
CVE-2020-0532: Improper input validation in subsystem for Intel® AMT versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
CVE-2020-0533: Reversible one-way hash in Intel® CSME versions before 11.8.76, 11.12.77, 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
CVE-2020-0534: Improper input validation in DAL subsystem for Intel® CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2020-0538: Improper input validation in subsystem for Intel® AMT versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2020-0542: Improper buffer restrictions in subsystem for Intel® CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.
CVE-2020-0566: Improper Access Control in subsystem for Intel® TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2020-0586: Improper initialization in subsystem for Intel® SPS versions before SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access.
CVE-2020-0594: Out-of-bounds read in IPv6 subsystem in Intel® AMT, Intel® ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2020-0595: Use after free in IPv6 subsystem in Intel® AMT, Intel® ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2020-0596: Improper input validation in DHCPv6 subsystem in Intel® AMT, Intel® ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
Potential Impact:
According to the information provided the potential impact of INTEL-SA-00295 is:
Denial of Service, Information Disclosure, Privilege Escalation
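The fixed-version lists in the INTEL-SA-00295 CVE descriptions above can be turned into a fleet triage check. The following Python sketch is an added example, not code from Fujitsu or Intel. It assumes firmware versions are reported as major.minor.hotfix[.build] and that an installed version is compared only against the fixed version sharing its major.minor; any other version is reported as "unlisted" and needs a manual check against Intel's advisory. The sample versions are constructed.

```python
import re

# Fixed versions copied from the CVE descriptions above (INTEL-SA-00295).
AMT_FIXED = ("11.8.77", "11.12.77", "11.22.77", "12.0.64")
FIXED_VERSIONS = {
    "CVE-2020-0532": AMT_FIXED,
    "CVE-2020-0533": ("11.8.76", "11.12.77", "11.22.77"),
    "CVE-2020-0534": ("12.0.64", "13.0.32", "14.0.33", "14.5.12"),
    "CVE-2020-0538": AMT_FIXED,
    "CVE-2020-0542": ("12.0.64", "13.0.32", "14.0.33", "14.5.12"),
    "CVE-2020-0594": AMT_FIXED,
    "CVE-2020-0595": AMT_FIXED,
    "CVE-2020-0596": AMT_FIXED,
}

def parse_version(text):
    """Return (major, minor, hotfix) from 'major.minor.hotfix[.build]'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g) for g in m.groups())

def status(installed, fixed_list):
    """'affected', 'fixed' or 'unlisted' for one CVE's fixed-version list."""
    major, minor, hotfix = parse_version(installed)
    for fixed in fixed_list:
        f_major, f_minor, f_hotfix = parse_version(fixed)
        if (major, minor) == (f_major, f_minor):
            return "affected" if hotfix < f_hotfix else "fixed"
    return "unlisted"  # assumption: no fixed version on this page for that branch

def triage(installed):
    """Map every CVE in FIXED_VERSIONS to its status for one firmware version."""
    return {cve: status(installed, fixed) for cve, fixed in FIXED_VERSIONS.items()}

def affected_cves(installed):
    """Sorted CVEs for which the installed version is below the fixed version."""
    return sorted(c for c, s in triage(installed).items() if s == "affected")

if __name__ == "__main__":
    # Constructed sample inventory values, not taken from the page.
    for fw in ("11.8.76.3626", "12.0.64.1551", "14.0.20.1100"):
        print(fw, affected_cves(fw) or "no listed CVE below fixed version")
```

Note that a version such as 11.8.76 clears CVE-2020-0533 but is still below the 11.8.77 threshold given for the AMT issues, which is why each CVE carries its own list.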
INTEL-SA-00322: 2020.1 IPU – Intel® Firmware (BIOS) Advisory
Multiple potential security vulnerabilities in BIOS firmware for Intel® Processors may allow a denial of service and/or an escalation of privilege. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE-2020-0528: Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th, 10th Generation Intel® Core™ Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
CVE-2020-0529: Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel® Core™ Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.
Potential Impact:
According to the information provided the potential impact of INTEL-SA-00322 is:
Denial of Service, Privilege Escalation
INTEL-SA-00320: 2020.1 IPU – Intel® Special Register Buffer Data Sampling (SRBDS) Advisory
A potential security vulnerability in some Intel® Processors may allow information disclosure. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE-2020-0543: Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.
For additional technical details about SRBDS, please refer to further publications by manufacturer Intel® on the 2020.1 IPU – Intel® Special Register Buffer Data Sampling (SRBDS) Advisory, such as the corresponding article Deep Dive: Special Register Buffer Data Sampling.
Potential Impact:
According to the information provided the potential impact of INTEL-SA-00320 is:
Information Disclosure
2020.1 IPU – Intel® Processor Microcode (MCU) Updates
Additionally, multiple functional updates took place in Intel® Processor Microcode (MCU), affecting server EX/EP products (incl. D, W, X) and referring to:
CLX Patch Load Issue : CLX PRQ. Late patch load overrides perf. MSR (CLX)
MD_Clear Operations Errata for CLX : 2019.2 TAA fix allows some data leakage (CLX)
Temperature Based Voltage Compensation: Voltage guardband (CLX)
OC Mailbox preset : Removes requirement for BIOS loading of the 2019.2 OC Mailbox fix (SKX)
ADC/ADDDC : Bug in ADC/ADDDC. M to M timing (SKX/CLX)
MCA Recovery : Enable MCA recovery feature on std. RAS SKUs (SKX/CLX) (reboot required)
Higher rates of memory errors have been observed on Intel's Skylake (SKX SP) and Cascade Lake (CLX SP) based server platforms (code named Purley). Mitigations and workarounds are focused on the following areas:
ECC Coverage: As a result of reallocating metadata bits to other features in SKX & CLX, Intel® modified the ECC algorithms to maximize full device coverage with available bits
Rank Switching Speed Path: In 2017, Intel® provided a mitigation for a rank switching speed path marginality via a patch. Subsequent observations by Intel® suggested the patch did not fully address the issue. IPU 2020.1 BIOS option Receive Enable Average is turned off by default (recommended).
RAS: Additionally, Intel has discovered three issues (Mesh 2 Mem Timeout, Incomplete Sparing (UEFI) and Rank Sparing Hang (UEFI)) in its Virtual Lockstep RAS (Reliability, Availability, Scalability) features used to enhance memory error correction (ADC & ADDDC). The RAS feature updates include: MCA Recovery, Advanced Memory Test and Post Package Repair.
There were no additional CVEs assigned to these FUNCTIONAL updates.
INTEL-SA-00266: 2020.1 IPU – Intel® SSD Advisory
A potential security vulnerability in Intel® SSD (Solid State Drive) products may allow information disclosure. The detailed description of the vulnerabilities with at least a high or critical CVSS base score is as follows:
CVE-2020-0527: Insufficient control flow management in firmware in some Intel® Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.
Potential Impact:
According to the information provided the potential impact of INTEL-SA-00266 is:
Information Disclosure
CVE Reference (INTEL-SA-00295, INTEL-SA-00322, INTEL-SA-00320, INTEL-SA-00329, INTEL-SA-00266)
INTEL-SA-00295: 2020.1 IPU – Intel® CSME, SPS, TXE, AMT & DAL Advisory
The description of the vulnerabilities with at least a high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
CVE-2020-0532 | 7.1 (High) |
CVE-2020-0533 | 7.5 (High) |
CVE-2020-0534 | 7.5 (High) |
CVE-2020-0538 | 7.5 (High) |
CVE-2020-0542 | 7.8 (High) |
CVE-2020-0566 | 7.3 (High) |
CVE-2020-0586 | 8.4 (High) |
CVE-2020-0594 | 9.8 (Critical) |
CVE-2020-0595 | 9.8 (Critical) |
CVE-2020-0596 | 7.5 (High) |
INTEL-SA-00322: 2020.1 IPU – Intel® Firmware (BIOS) Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
CVE-2020-0528 | 7.5 (High) |
CVE-2020-0529 | 5.7 (Medium) |
INTEL-SA-00320: 2020.1 IPU – Intel® Special Register Buffer Data Sampling (SRBDS) Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
CVE-2020-0543 | 6.5 (Medium) |
INTEL-SA-00329: 2020.1 IPU – Intel® Processors Data Leakage (PDL) Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
CVE-2020-0549 | 6.5 (Medium) |
INTEL-SA-00266: 2020.1 IPU – Intel® SSD Advisory
The description of the vulnerabilities with at least a high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
CVE-2020-0527 | 7.9 (High) |
Links for Technical Details
Technical details of the potential security vulnerabilities and functional issues are documented online:
https://security-center.intel.com
Affection and Remediation
Affected Fujitsu Products
A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched.
An overview of the affected Client Computing Devices (e.g. CELSIUS, ESPRIMO, FUTRO, LIFEBOOK, STYLISTIC) and Server products (PRIMERGY and PRIMEQUEST) can be found here:
This page will be updated regularly as soon as new information is available. Besides a list of affected systems, also more detailed advice will follow.
NOTE: Intel® Security Advisories INTEL-SA-00330, INTEL-SA-00334 and INTEL-SA-00366 are not part of this 2020.1 Intel Platform Update (IPU).
Affected Fujitsu products are listed below. For detailed information on the Fujitsu-approved remedy, please refer to the official 2020.1 INTEL PLATFORM UPDATE (IPU) info, as well as to the official Intel® security advisories (INTEL-SA-00295, INTEL-SA-00322, INTEL-SA-00320, INTEL-SA-00329 and INTEL-SA-00266).
LIFEBOOK
Model Name | New Bios ( with Fix ) | Bios Release date | NEW FIXED DRIVER | DRIVER Release date |
---|---|---|---|---|
List of LIFEBOOK AH556-UMA | V1.28 | t.b.d | -/- | -/- |
List of LIFEBOOK AH556-VGA | V1.28 | t.b.d | -/- | -/- |
LIFEBOOK AH557 | -/- | -/- | -/- | -/- |
LIFEBOOK E448 / E458 | V1.18 | t.b.d | 2012.14.0.1517 | cw 28 |
LIFEBOOK E449 / E459 | V1.06 | t.b.d | 2012.14.0.1517 | cw 28 |
LIFEBOOK E549 | V2.15 | cw 32 | 2013.14.0.1529 | cw 28 |
LIFEBOOK E556/E546(Non-Vpro) | V1.33 | cw 34 | 2012.14.0.1517 | cw 28 |
LIFEBOOK E556/E546(Vpro) | V1.24 | cw 34 | -/- | -/- |
LIFEBOOK E557/E547(Non-Vpro) | V1.16 | cw 32 | -/- | -/- |
LIFEBOOK E557/E547(Vpro) | V1.20 | cw 32 | -/- | -/- |
LIFEBOOK E558/E548 | V1.18 | cw 32 | 2012.14.0.1517 | cw 28 |
LIFEBOOK E559 | V2.15 | cw 32 | 2013.14.0.1529 | cw 28 |
LIFEBOOK E736/E746/E756 (Non-Vpro) | V1.37 | cw 34 | 2012.14.0.1517 | cw 28 |
LIFEBOOK E736/E746/E756 (Vpro) | V1.28 | cw 34 | -/- | -/- |
LIFEBOOK E5410 | -/- | t.b.d | 1952.14.0.1470v3 | cw 28 |
LIFEBOOK E5510 | -/- | t.b.d | 1952.14.0.1470v3 | cw 28 |
LIFEBOOK P727 | V1.20 | cw 33 | 2012.14.0.1517 | cw 28 |
LIFEBOOK P728 | V1.16 | cw 33 | 2012.14.0.1517 | cw 28 |
LIFEBOOK S935 | V1.20 | t.b.d | -/- | -/- |
LIFEBOOK S936 | V1.23 | t.b.d | -/- | -/- |
LIFEBOOK S937 | V1.15 | t.b.d | 2012.14.0.1517 | cw 28 |
LIFEBOOK S938 | V1.16 | t.b.d | 2012.14.0.1517 | cw 28 |
LIFEBOOK T725 | V1.22 | t.b.d | -/- | -/- |
LIFEBOOK T726 | V1.21 | cw 34 | 2012.14.0.1517 | cw 28 |
LIFEBOOK T935 | V1.22 | t.b.d | -/- | -/- |
LIFEBOOK T936 | V1.21 | cw 34 | 2012.14.0.1517 | cw 28 |
LIFEBOOK T937 | V1.21 | cw 34 | 2012.14.0.1517 | cw 28 |
LIFEBOOK T938 | V1.15 | cw 34 | 2012.14.0.1517 | cw 28 |
LIFEBOOK U536 | V1.20 | t.b.d | -/- | -/- |
LIFEBOOK U727/U747/U757 | V1.26 | cw 34 | 2012.14.0.1517 | cw 28 |
LIFEBOOK U727/U747/U757(6th gen.) | V1.12 | cw 34 | 2012.14.0.1517 | cw 28 |
LIFEBOOK U728/U748/U758 | V1.20 | cw 34 | 2012.14.0.1517 | cw 28 |
LIFEBOOK U729/U749/U759 | V2.16 | cw 33 | 2013.14.0.1529 | cw 28 |
LIFEBOOK U729X | V2.11 | cw 33 | 2013.14.0.1529 | cw 28 |
LIFEBOOK U745 | V1.25 | t.b.d | -/- | -/- |
LIFEBOOK U7310 | -/- | t.b.d | 1952.14.0.1470v3 | cw 28 |
LIFEBOOK U7410 | -/- | t.b.d | 1952.14.0.1470v3 | cw 28 |
LIFEBOOK U7510 | -/- | t.b.d | 1952.14.0.1470v3 | cw 28 |
LIFEBOOK U937 | V1.18 | cw 32 | 2012.14.0.1517 | cw 28 |
LIFEBOOK U938 | V1.21 | cw 31 | 2012.14.0.1517 | cw 28 |
LIFEBOOK U939 ( W/ALT) | V2.14 | cw 32 | -/- | -/- |
LIFEBOOK U939 ( W/TBT) | V2.14 | cw 32 | 2013.14.0.1529 | cw 28 |
LIFEBOOK U939X ( W/ALT) | V2.12 | cw 32 | -/- | -/- |
LIFEBOOK U939X ( W/TBT) | V2.14 | cw 32 | 2013.14.0.1529 | cw 28 |
STYLISTIC
Model Name | New Bios ( with Fix ) | Bios Release date | NEW FIXED DRIVER | DRIVER Release date |
---|---|---|---|---|
STYLISTIC Q509 | V1.24 | cw 36 | 1924.4.0.1062v2 | cw 28 |
STYLISTIC Q616 | V1.17 | cw 34 | 2012.14.0.1517 | cw 28 |
STYLISTIC Q665 | V1.19 | cw 36 | -/- | -/- |
STYLISTIC Q775 | V1.23 | cw 36 | -/- | -/- |
STYLISTIC Q736 | V1.20 | cw 34 | 2012.14.0.1517 | cw 28 |
STYLISTIC Q737 | V1.17 | cw 36 | 2012.14.0.1517 | cw 28 |
STYLISTIC Q738 | V1.12 | cw 32 | 2012.14.0.1517 | cw 28 |
STYLISTIC Q739 | V2.11 | cw 32 | 2013.14.0.1529 | cw 28 |
STYLISTIC R726(Non-Vpro) | V1.24 | cw 32 | 2012.14.0.1517 | cw 28 |
STYLISTIC R726(Vpro) | V1.24 | cw 32 | 2012.14.0.1517 | cw 28 |
CELSIUS (Mobile)
Model Name | New Bios ( with Fix ) | Bios Release date | NEW FIXED DRIVER | DRIVER Release date |
---|---|---|---|---|
CELSIUS H760 | V1.30 | t.b.d | 2012.14.0.1517 | cw 28 |
CELSIUS H770 | V1.20 | t.b.d | 2012.14.0.1517 | cw 28 |
CELSIUS H780 | V1.19 | t.b.d | 2013.14.0.1529 | cw 28 |
CELSIUS H970 | V1.17 | t.b.d | 2012.14.0.1517 | cw 28 |
*1: Dates are subject to change
*2: Please apply mentioned version or newer version.
*3: cw: calendar week / TBD: to be defined
CELSIUS (WorkStation) | Please refer to the following site: <https://support.ts.fujitsu.com/content/Fujitsu-PSIRT-PMD-IS-2019-121916.asp?lng=COM> |
---|---|
ESPRIMO (Desktop) | |
FUTRO (Thin-Client) | |
Recommended Steps for Remediation
Remediation via BIOS Update
Step 1: Determine whether you have an affected system.
Refer to https://www.fujitsu.com/hk/support/products/computing/pc/ap/ . This list is updated regularly.
Step 2: Download and install the BIOS update package.
To download and install the BIOS update package, please go to http://www.fujitsu-pc-asia.com/driversupport/selectioninterface/selection.html and follow these steps:
Remediation via Management Engine (ME) Update
Updating the ME firmware is an alternative to updating the BIOS and is used when a BIOS update is not planned. However, it may only be available for some specific Client Computing Devices.
Step 1: Determine whether you have an affected system.
Refer to https://www.fujitsu.com/hk/support/products/computing/pc/ap/ . This list is updated regularly.
Step 2: Download and install the BIOS update package.
To download and install the BIOS update package, please go to http://www.fujitsu-pc-asia.com/driversupport/selectioninterface/selection.html and follow these steps:
Step 4: ME Update Procedure.
The "Firmware.ME" directory contains the ME update files, which can be used in a Windows environment. Run "update.bat".
Hints:
- To run the ME Update procedure using a Windows installation, it is necessary to have the Windows "HECI" driver installed. Please use the Intel(R) Active Management Technology Driver package for Windows.
- To run the ME update procedure, using a Windows PE installation, it is necessary to have the Windows "HECI" driver installed. This can be done at runtime by executing "drvload.exe \HECI.INF". The "HECI" driver can be extracted from the Intel® Active Management Technology (Intel® AMT) Driver Package for Windows.
Links for Software Security Updates
Vendor Fujitsu
Vendor Intel
Further Information
Contact Details
Should you require any further security-related assistance, please contact: fpca-hk.cs@hk.fujitsu.com
Legal Statement
Fujitsu does not manufacture the affected microprocessors, which Fujitsu buys from third party suppliers and integrates into its products. Therefore, this communication is based on the information and recommendations Fujitsu has received from the third party suppliers of the affected microprocessors.
Designations may be protected by trademarks and/or copyrights of Fujitsu or the respective owners, the use of which by third parties for their own purposes may infringe the rights of such owners.