2021.2 INTEL PLATFORM UPDATE (IPU)
Intel 2021.2 IPU covering Intel® SPS, AMT & PMC updates, Intel® Firmware (BIOS) updates, Intel® Processor Microcode (MCU) updates
Fujitsu Communication
Original release:8 Feb 2022
Fujitsu PSIRT ID:PSS-IS-2021-052110
Advisory Description
INTEL-SA-00470: 2021.2 IPU – Intel® SPS, AMT and PMC Advisory
Multiple potential security vulnerabilities in the Intel® Server Platform Services (Intel® SPS), Intel® Active Management Technology (Intel® AMT) and Intel® Power Management Controller (Intel® PMC) may allow a denial of service and/or an escalation of privilege. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE-2021-0060: Insufficient compartmentalization in HECI subsystem for Intel® SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0 and SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access.
CVE-2021-33068: Null pointer dereference in subsystem for Intel® AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.
CVE-2021-0147: Improper locking in the Power Management Controller (PMC) for some Intel® Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access.
Potential Impact: According to the information provided the potential impact of INTEL-SA-00470 is:
Denial of Service, Privilege Escalation
INTEL-SA-00527: 2021.2 IPU – Intel® Firmware (BIOS) Advisory
Multiple potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow a denial of service, information disclosure or an escalation of privilege. The detailed description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:
CVE-2021-0103: Insufficient control flow management in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0114: Unchecked return value in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0115: Buffer overflow in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-0116: Out-of-bounds write in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0117: Pointer issues in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0118: Out-of-bounds read in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0099: Insufficient control flow management in the firmware for some Intel® Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2021-0156: Improper input validation in the firmware for some Intel® Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2021-0111: NULL pointer dereference in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
CVE-2021-0107: Unchecked return value in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-0125: Improper initialization in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
CVE-2021-0124: Improper access control in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
CVE-2021-0119: Improper initialization in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via physical access.
CVE-2021-0092: Improper access control in the firmware for some Intel® Processors may allow a privileged user to potentially enable a denial of service via local access.
CVE-2021-0091: Improper access control in the firmware for some Intel® Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access.
CVE-2021-0093: Incorrect default permissions in the firmware for some Intel® Processors may allow a privileged user to potentially enable a denial of service via local access.
Potential Impact: According to the information provided the potential impact of INTEL-SA-00527 is:
Denial of Service, Information Disclosure, Privilege Escalation
INTEL-SA-00532: 2021.2 IPU – Intel® Processor Breakpoint Control Flow (PBCF) Advisory
A potential security vulnerability in some Intel® processors may allow a denial of service. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE-2021-0127: Insufficient control flow management in some Intel® processors may allow an authenticated user to potentially enable a denial of service via local access.
Potential Impact: According to the information provided the potential impact of INTEL-SA-00532 is:
Denial of Service
INTEL-SA-00561: 2021.2 IPU – Intel® Processor Shared Resource Advisory (PSRA) Advisory
Multiple potential security vulnerabilities in some Intel® Processors may allow information disclosure. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE-2021-0145: Improper initialization of shared resources in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.
Potential Impact: According to the information provided the potential impact of INTEL-SA-00561 is:
Information Disclosure
INTEL-SA-00589: 2021.2 IPU – Intel® Atom® Processor Advisory
A potential security vulnerability in some Intel® Atom® Processors may allow may allow a denial of service and/or information disclosure. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE-2021-33120: Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom® Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access.
Potential Impact: According to the information provided the potential impact of INTEL-SA-00589 is:
Denial of Service, Information Disclosure
2021.2 IPU – Intel® Processor Microcode (MCU) and Intel® Firmware (BIOS) Functional Updates
Additionally, multiple functional updates took place in Intel® Processor Microcode (MCU) and BIOS/Kernel, affecting products/architectures ACF, ADL+, BDX, BFL, CFL, CLX, CML, CPX, DNV, GFL, GLK+, HWL, ICL, ICX+, LKF, RKL, SKL+, SKX/+/-D, TGL, referring to:
2nd Generation Xeon Memory Mode Machine Check Issue: Systems with 2nd Generation Intel® Xeon® Scalable Processors may machine check when using Intel® Optane Persistent Memory 100 Series in Memory Mode or Mixed Mode. (CLX)
System May Hang or Reboot Unexpectedly Due To System Stress: Under a complex set of microarchitectural conditions certain processors may incorrectly recover from a mis-predicted branch resulting in: 3-Strike Machine Checks without a TOR Timeout, unexpected exceptions, or other unpredictable system behavior. (RKL, TGL, ICL)
Dedicated Fast store forward predictor Control: Support optional disable for Fast Store Forwarding Predictor via IA32_SPEC_CTRL.PSFD. (ADL+, ICL, ICX+, LKF, RKL, TGL)
RAPL Filtering opt-in SW Switch: Intel® added an opt-in SW switch that allows System SW to enable RAPL power filtering to protect against attacks similar to CVE-2020-8695. (GLK+, SKL+, SKX+)
WBINVD CHA Conflict Resolution: Under complex microarchitecural conditions, during the writeback and invalidate cache instruction (WBINVD) execution, the Caching and Home Agent (CHA) may not correctly resolve a conflict between read and write instructions on a two or more socket system. This may result in a 3-strike error with TOR timeout or other unpredictable system behavior. (CLX, CPX, SKX)
Thermal Status Model Specific Register: Some STATUS/LOG bits in MSR IA32_THERM_STATUS (0x19c) #GP fault incorrectly on a write of a value 1 during a Read-Modify-Write sequence for that MSR. (ACF, CLX, CPX, SKX)
System hangs with 2400 UDIMM: Uncorrectable memory errors resulting in system hang may occur when running with 2400 UDIMM memory config and enabling Pkg C6 for the system. (BDX, HWL)
Intel® Server Platform Services Firmware: Timeout while Advanced Memory Test is enabled results in reduced Intel® SPS Firmware functionality when failing memory is installed. Intel® SPS Firmware enters Recovery Mode when Flash Descriptor Verification (FD0V) feature is enabled. Platform does not boot after power loss during update scenario including Intel® SPS Firmware SVN increase. (CLX, DNV, SKX/-D)
CHA BL VNA credit setting for CPX systems: CHA (Caching Home Agent) BL (Block Layer) VNA (Virtual Network Adaptive) credit programming requires target ports for PCIe to have credits programmed based on system configuration for performance and functional requirements. (CPX)
System hangs during boot with POST code 0xBB when installed system memory exceeds selected MMIO High base: The system cannot boot when MMIO high base overlaps with the amount of installed system memory available to map. (CLX)
Resizable BAR Support for Discrete Graphics: Modern graphics cards may deliver reduced performance without this feature enabled. (BFL, CML, CFL, GFL)
Additionally, a functional update took place in Intel® Processor Microcode (MCU), affecting products / architectures Celeron G, Core 7-9 Gen., Pentium Gold, Xeon E/E3v5/E3v6 family, referring to:
TSX Deprecation: Intel® further deprecates and removes its Intel® Transactional Synchronization Extensions (Intel® TSX) feature via MCU on a subset of PC client platforms with the release of the 2021.2 Intel Platform Update (IPU). The MCU will provide the ability to re-enable TSX on these platforms as a software development vehicle. (Core 8-10 Gen., Xeon E)
There were no additional CVEs assigned to these FUNCTIONAL updates.
CVE Reference (INTEL-SA-00470, INTEL-SA-00527, INTEL-SA-00532, INTEL-SA-00561, INTEL-SA-00589)
INTEL-SA-00470: 2021.2 IPU – Intel® SPS, AMT and PMC Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
7.3 (High) | |
5.0 (Medium) | |
4.4 (Medium) |
INTEL-SA-00527: 2021.2 IPU – Intel® Firmware (BIOS) Advisory
The description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
8.2 (High) | |
7.9 (High) | |
7.9 (High) | |
7.9 (High) | |
7.9 (High) | |
7.9 (High) | |
7.8 (High) | |
7.5 (High) | |
7.2 (High) | |
7.2 (High) | |
6.7 (Medium) | |
6.3 (Medium) | |
5.8 (Medium) | |
4.7 (Medium) | |
3.2 (Low) | |
2.4 (Low) |
INTEL-SA-00532: 2021.2 IPU – Intel® Processor Breakpoint Control Flow (PBCF) Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
5.6 (Medium) |
INTEL-SA-00561: 2021.2 IPU – Intel® Processor Shared Resource Advisory (PSRA) Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
6.5 (Medium) |
INTEL-SA-00589: 2021.2 IPU – Intel® Atom® Processor Advisory
The description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
3.6 (Low) |
Links for Technical Details
Technical details of the potential security vulnerabilities and functional issues are documented online:
https://security-center.intel.com
A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched.
An overview of the affected Client Computing Devices (e.g. CELSIUS, ESPRIMO, FUTRO, LIFEBOOK, STYLISTIC) can be found here:
In an effort to continuously improve the robustness of Intel® products, manufacturer Intel® has performed a security review with the objective of continuously enhancing software resilience. Affected Fujitsu products are listed below. For detailed information on the Fujitsu-approved remedy, please refer to the official Fujitsu PSIRT security advisory (PSS-IS-2021-052110), as well as to the official Intel® security advisories (INTEL-SA-00470, INTEL-SA-00527, INTEL-SA-00532, INTEL-SA-00561 and INTEL-SA-00589).
List of Affected Fujitsu products ( APL )
2021.2 INTEL PLATFORM UPDATE (IPU) INTEL 2021.2 IPU COVERING INTEL® SPS, AMT and PMC UPDATES, INTEL® FIRMWARE (BIOS) UPDATES, INTEL® PROCESSOR MICROCODE (MCU) UPDATES
Mobile ( CELSIUS /LIFEBOOK /STYLISTIC )
AFFECTED SYSTEM | NEW FIXED
| BIOS/ME
|
---|---|---|
LIFEBOOK E448 /E458 | V1.21 | cw 21/2022 |
LIFEBOOK E449/459 | V1.09 | cw 21/2022 |
LIFEBOOK E546 /E556
| V1.36 | cw 26/2022 |
LIFEBOOK E546 /E556
| V1.36 | cw 26/2022 |
LIFEBOOK E547/E557
| V1.19 | cw 24/2022 |
LIFEBOOK E547/E557
| V1.19 | cw 24/2022 |
LIFEBOOK E548 /E558 | V1.22 | cw 21/2022 |
LIFEBOOK E549 /E559 | V2.20 | cw 17/2022 |
LIFEBOOK E736/E746/E756
| V1.40 | cw 26/2022 |
LIFEBOOK E736/E746/E756
| V1.40 | cw 26/2022 |
LIFEBOOK E5410 /E5510 | V2.23 | cw 15/2022 |
LIFEBOOK E5411/E5511 | V2.26 | cw 11/2022 |
LIFEBOOK P727 | V1.23 | cw 24/2022 |
LIFEBOOK P728 | V1.19 | cw 21/2022 |
LIFEBOOK S936 | V1.26 | cw 26/2022 |
LIFEBOOK S937 | V2.11 | cw 21/2022 |
LIFEBOOK S938 | V1.19 | cw 21/2022 |
LIFEBOOK T726 | V1.24 | cw 26/2022 |
LIFEBOOK T936 | V1.24 | cw 26/2022 |
LIFEBOOK T937 | V1.24 | cw 24/2022 |
LIFEBOOK T938 | V2.15 | cw 17/2022 |
LIFEBOOK U727/U747/U757 6th Gen CPU model | V1.29 | cw 24/2022 |
LIFEBOOK U727/U747/U757 | V1.29 | cw 24/2022 |
LIFEBOOK U728 /U748 /U758 | V1.25 | cw 21/2022 |
LIFEBOOK U729 /U749 /U759 | V2.16 | cw 17/2022 |
LIFEBOOK U729X | V2.16 | cw 17/2022 |
LIFEBOOK U937 | V1.20 | cw 24/2022 |
LIFEBOOK U938 | V1.25 | cw 21/2022 |
LIFEBOOK U939
| V2.18 | cw 17/2022 |
LIFEBOOK U939
| V2.17 | cw 17/2022 |
LIFEBOOK U939X | V2.21 | cw 17/2022 |
LIFEBOOK U9310 | V2.17 | cw 15/2022 |
LIFEBOOK U9310X | V2.16 | cw 15/2022 |
LIFEBOOK U9311
| V2.32 | cw 11/2022 |
LIFEBOOK U9311
| V1.52 | cw 11/2022 |
LIFEBOOK U9311X | V2.26 | cw 11/2022 |
STYLISTIC Q509 | V1.29 | cw 19/2022 |
STYLISTIC Q616 | V1.18 | cw 26/2022 |
STYLISTIC Q736 | V1.23 | cw 26/2022 |
STYLISTIC Q737 | V1.22 | cw 26/2022 |
STYLISTIC Q738 | V1.15 | cw 21/2022 |
STYLISTIC Q739 | V2.16 | cw 17/2022 |
STYLISTIC Q5010 | V1.24 | cw 19/2022 |
STYLISTIC Q7310 | V2.17 | cw 15/2022 |
STYLISTIC Q7311 | V2.20 | cw 11/2022 |
CELSIUS H760 | v1.26 | cw 26/2022 |
CELSIUS H770 | v1.23 | cw 24/2022 |
CELSIUS H780 | t.b.d. | t.b.d. |
CELSIUS H970 | t.b.d. | t.b.d. |
CELSIUS H980 | t.b.d. | t.b.d. |
CELSIUS H7510 | t.b.d. | t.b.d. |
CELSIUS (WorkStation) | Please refer to the following site.
|
---|---|
ESPRIMO (Desktop) | |
FUTRO (Thin-Client) |
This page will be updated regularly as soon as new information is available. Besides a list of affected systems, also more detailed advice will follow.
* cw: calendar week
t.b.d.: to be defined
** Installation by Fujitsu hardware service on request
Contact Details
Should you require any further security-related assistance, please contact:Fujitsu-PSIRT@ts.fujitsu.com.
For more information on security vulnerabilities, please also go to https://security.ts.fujitsu.com.
NOTE:
Insyde® Security Advisories INSYDE-SA-2022001 to INSYDE-SA-2022024 on InsydeH2O are not part of this 2021.2 Intel Platform Update (IPU). The Fujitsu PSIRT already addressed the Insyde® Security Advisories internally and released dedicated Fujitsu PSIRT Security Advsiory FCCL-IS-2021-090903. All necessary updates will be issued along with the 2021.2 Intel Platform Update (IPU).
Intel® Security Advisories INTEL-TA-00528 (CPU FSFPCD), INTEL-TA-00562 (BIOS) and INTEL-TA-00575 (AMT) are not officially part of this 2021.2 Intel Platform Update (IPU). All necessary updates will be issued along with the 2021.2 Intel Platform Update (IPU). Fujitsu PRIMERGY and PRIMEQUEST systems are not affected by Intel® Security Advisories INTEL-TA-00528 and INTEL-TA-00575.
Intel® Security Advisories INTEL-SA-00539, INTEL-SA-00563, INTEL-SA-00571, INTEL-SA-00581, INTEL-SA-00582, INTEL-SA-00593, INTEL-SA-00598, INTEL-SA-00604 and INTEL-SA-00609 are not part of this 2021.2 Intel Platform Update (IPU). The Fujitsu PSIRT already addressed these Intel® Security Advisories internally and will release Fujitsu PSIRT Security Notices, depending on the result of the final analysis.
Recommended Steps for Remediation |
Remediation via BIOS Update |
Step 1: Determine whether you have an affected system. |
Refer to the LIST OF AFFECTED Fujitsu product (APL)
|
Step 2: Download and install the BIOS update package.
|
• Select "Select a new Product" (button)
|
Step 3: Preparation.
After downloading the .zip file, containing the ME Firmware Update Pack, extract all files/directories/subdirectories in the Firmware.ME directory (\Firmware.ME) of the .zip file to the desired directory on the hard drive.
Step 4: ME Update Procedure.
The "Firmware.ME" directory contains the ME update files which can be used in Windows environment. Run "update.bat" in Windows cmd environment with administrative privileges to start the ME flash procedure. Please choose 32-bit or 64-bit directory if using a Windows 32-bit or a Windows 64-bit installation.
NOTE:
To run the ME Update procedure using a Windows installation, it is necessary to have the Windows "HECI" driver installed. Please use the Intel® Active Management Technology (Intel® AMT) Driver Package for Windows.
To run the ME update procedure, using a Windows PE installation, it is necessary to have the Windows "HECI" driver installed. This can be done at runtime by executing "drvload.exe <path-to-HECI.INF>\HECI.INF". The "HECI" driver can be extracted from the Intel® Active Management Technology (Intel® AMT) Driver Package for Windows.
Links for Software Security UpdatesVendor Fujitsu Further Information |
Contact Details |
Should you require any further security-related assistance, please contact: fpca-hk.cs@hk.fujitsu.com |
Legal Statement |
Fujitsu does not manufacture the affected microprocessors, that Fujitsu buys from third party suppliers and integrates into its products. Therefore, this communication is based on the information and recommendations Fujitsu has received from the third party suppliers of the affected microprocessors.
|