2021.2 INTEL PLATFORM UPDATE (IPU)

Intel 2021.2 IPU covering Intel® SPS, AMT & PMC updates, Intel® Firmware (BIOS) updates, Intel® Processor Microcode (MCU) updates

Fujitsu Communication

Original release:8 Feb 2022
Fujitsu PSIRT ID:PSS-IS-2021-052110

Advisory Description

INTEL-SA-00470: 2021.2 IPU – Intel® SPS, AMT and PMC Advisory

Multiple potential security vulnerabilities in the Intel® Server Platform Services (Intel® SPS), Intel® Active Management Technology (Intel® AMT) and Intel® Power Management Controller (Intel® PMC) may allow a denial of service and/or an escalation of privilege. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:

CVE-2021-0060: Insufficient compartmentalization in HECI subsystem for Intel® SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0 and SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access.

CVE-2021-33068: Null pointer dereference in subsystem for Intel® AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.

CVE-2021-0147: Improper locking in the Power Management Controller (PMC) for some Intel® Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access.

Potential Impact: According to the information provided the potential impact of INTEL-SA-00470 is:
Denial of Service, Privilege Escalation

INTEL-SA-00527: 2021.2 IPU – Intel® Firmware (BIOS) Advisory

Multiple potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow a denial of service, information disclosure or an escalation of privilege. The detailed description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:

CVE-2021-0103: Insufficient control flow management in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2021-0114: Unchecked return value in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2021-0115: Buffer overflow in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2021-0116: Out-of-bounds write in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2021-0117: Pointer issues in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2021-0118: Out-of-bounds read in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2021-0099: Insufficient control flow management in the firmware for some Intel® Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

CVE-2021-0156: Improper input validation in the firmware for some Intel® Processors may allow an authenticated user to potentially enable an escalation of privilege via local access.

CVE-2021-0111: NULL pointer dereference in the firmware for some Intel® Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

CVE-2021-0107: Unchecked return value in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2021-0125: Improper initialization in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

CVE-2021-0124: Improper access control in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

CVE-2021-0119: Improper initialization in the firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via physical access.

CVE-2021-0092: Improper access control in the firmware for some Intel® Processors may allow a privileged user to potentially enable a denial of service via local access.

CVE-2021-0091: Improper access control in the firmware for some Intel® Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access.

CVE-2021-0093: Incorrect default permissions in the firmware for some Intel® Processors may allow a privileged user to potentially enable a denial of service via local access.

Potential Impact: According to the information provided the potential impact of INTEL-SA-00527 is:
Denial of Service, Information Disclosure, Privilege Escalation

INTEL-SA-00532: 2021.2 IPU – Intel® Processor Breakpoint Control Flow (PBCF) Advisory

A potential security vulnerability in some Intel® processors may allow a denial of service. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:

CVE-2021-0127: Insufficient control flow management in some Intel® processors may allow an authenticated user to potentially enable a denial of service via local access.

Potential Impact: According to the information provided the potential impact of INTEL-SA-00532 is:
Denial of Service

INTEL-SA-00561: 2021.2 IPU – Intel® Processor Shared Resource Advisory (PSRA) Advisory

Multiple potential security vulnerabilities in some Intel® Processors may allow information disclosure. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:

CVE-2021-0145: Improper initialization of shared resources in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

Potential Impact: According to the information provided the potential impact of INTEL-SA-00561 is:
Information Disclosure

INTEL-SA-00589: 2021.2 IPU – Intel® Atom® Processor Advisory

A potential security vulnerability in some Intel® Atom® Processors may allow may allow a denial of service and/or information disclosure. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:

CVE-2021-33120: Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom® Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access.

Potential Impact: According to the information provided the potential impact of INTEL-SA-00589 is:
Denial of Service, Information Disclosure

2021.2 IPU – Intel® Processor Microcode (MCU) and Intel® Firmware (BIOS) Functional Updates

Additionally, multiple functional updates took place in Intel® Processor Microcode (MCU) and BIOS/Kernel, affecting products/architectures ACF, ADL+, BDX, BFL, CFL, CLX, CML, CPX, DNV, GFL, GLK+, HWL, ICL, ICX+, LKF, RKL, SKL+, SKX/+/-D, TGL, referring to:

2nd Generation Xeon Memory Mode Machine Check Issue: Systems with 2nd Generation Intel® Xeon® Scalable Processors may machine check when using Intel® Optane Persistent Memory 100 Series in Memory Mode or Mixed Mode. (CLX)

System May Hang or Reboot Unexpectedly Due To System Stress: Under a complex set of microarchitectural conditions certain processors may incorrectly recover from a mis-predicted branch resulting in: 3-Strike Machine Checks without a TOR Timeout, unexpected exceptions, or other unpredictable system behavior. (RKL, TGL, ICL)

Dedicated Fast store forward predictor Control: Support optional disable for Fast Store Forwarding Predictor via IA32_SPEC_CTRL.PSFD. (ADL+, ICL, ICX+, LKF, RKL, TGL)

RAPL Filtering opt-in SW Switch: Intel® added an opt-in SW switch that allows System SW to enable RAPL power filtering to protect against attacks similar to CVE-2020-8695. (GLK+, SKL+, SKX+)

WBINVD CHA Conflict Resolution: Under complex microarchitecural conditions, during the writeback and invalidate cache instruction (WBINVD) execution, the Caching and Home Agent (CHA) may not correctly resolve a conflict between read and write instructions on a two or more socket system. This may result in a 3-strike error with TOR timeout or other unpredictable system behavior. (CLX, CPX, SKX)

Thermal Status Model Specific Register: Some STATUS/LOG bits in MSR IA32_THERM_STATUS (0x19c) #GP fault incorrectly on a write of a value 1 during a Read-Modify-Write sequence for that MSR. (ACF, CLX, CPX, SKX)

System hangs with 2400 UDIMM: Uncorrectable memory errors resulting in system hang may occur when running with 2400 UDIMM memory config and enabling Pkg C6 for the system. (BDX, HWL)

Intel® Server Platform Services Firmware: Timeout while Advanced Memory Test is enabled results in reduced Intel® SPS Firmware functionality when failing memory is installed. Intel® SPS Firmware enters Recovery Mode when Flash Descriptor Verification (FD0V) feature is enabled. Platform does not boot after power loss during update scenario including Intel® SPS Firmware SVN increase. (CLX, DNV, SKX/-D)

CHA BL VNA credit setting for CPX systems: CHA (Caching Home Agent) BL (Block Layer) VNA (Virtual Network Adaptive) credit programming requires target ports for PCIe to have credits programmed based on system configuration for performance and functional requirements. (CPX)

System hangs during boot with POST code 0xBB when installed system memory exceeds selected MMIO High base: The system cannot boot when MMIO high base overlaps with the amount of installed system memory available to map. (CLX)

Resizable BAR Support for Discrete Graphics: Modern graphics cards may deliver reduced performance without this feature enabled. (BFL, CML, CFL, GFL)

Additionally, a functional update took place in Intel® Processor Microcode (MCU), affecting products / architectures Celeron G, Core 7-9 Gen., Pentium Gold, Xeon E/E3v5/E3v6 family, referring to:

TSX Deprecation: Intel® further deprecates and removes its Intel® Transactional Synchronization Extensions (Intel® TSX) feature via MCU on a subset of PC client platforms with the release of the 2021.2 Intel Platform Update (IPU). The MCU will provide the ability to re-enable TSX on these platforms as a software development vehicle. (Core 8-10 Gen., Xeon E)

There were no additional CVEs assigned to these FUNCTIONAL updates.

CVE Reference (INTEL-SA-00470, INTEL-SA-00527, INTEL-SA-00532, INTEL-SA-00561, INTEL-SA-00589)

INTEL-SA-00470: 2021.2 IPU – Intel® SPS, AMT and PMC Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:

INTEL-SA-00527: 2021.2 IPU – Intel® Firmware (BIOS) Advisory
The description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:

INTEL-SA-00532: 2021.2 IPU – Intel® Processor Breakpoint Control Flow (PBCF) Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:

INTEL-SA-00561: 2021.2 IPU – Intel® Processor Shared Resource Advisory (PSRA) Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:

INTEL-SA-00589: 2021.2 IPU – Intel® Atom® Processor Advisory
The description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:

Links for Technical Details

Technical details of the potential security vulnerabilities and functional issues are documented online:
https://security-center.intel.com

A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched.

An overview of the affected Client Computing Devices (e.g. CELSIUS, ESPRIMO, FUTRO, LIFEBOOK, STYLISTIC) can be found here:

In an effort to continuously improve the robustness of Intel® products, manufacturer Intel® has performed a security review with the objective of continuously enhancing software resilience. Affected Fujitsu products are listed below. For detailed information on the Fujitsu-approved remedy, please refer to the official Fujitsu PSIRT security advisory (PSS-IS-2021-052110), as well as to the official Intel® security advisories (INTEL-SA-00470, INTEL-SA-00527, INTEL-SA-00532, INTEL-SA-00561 and INTEL-SA-00589).

List of Affected Fujitsu products ( APL )
2021.2 INTEL PLATFORM UPDATE (IPU) INTEL 2021.2 IPU COVERING INTEL® SPS, AMT and PMC UPDATES, INTEL® FIRMWARE (BIOS) UPDATES, INTEL® PROCESSOR MICROCODE (MCU) UPDATES

Mobile ( CELSIUS /LIFEBOOK /STYLISTIC )

This page will be updated regularly as soon as new information is available. Besides a list of affected systems, also more detailed advice will follow.

* cw: calendar week
t.b.d.: to be defined
** Installation by Fujitsu hardware service on request

Contact Details
Should you require any further security-related assistance, please contact:Fujitsu-PSIRT@ts.fujitsu.com.
For more information on security vulnerabilities, please also go to https://security.ts.fujitsu.com.

NOTE:
Insyde® Security Advisories INSYDE-SA-2022001 to INSYDE-SA-2022024 on InsydeH2O are not part of this 2021.2 Intel Platform Update (IPU). The Fujitsu PSIRT already addressed the Insyde® Security Advisories internally and released dedicated Fujitsu PSIRT Security Advsiory FCCL-IS-2021-090903. All necessary updates will be issued along with the 2021.2 Intel Platform Update (IPU).

Intel® Security Advisories INTEL-TA-00528 (CPU FSFPCD), INTEL-TA-00562 (BIOS) and INTEL-TA-00575 (AMT) are not officially part of this 2021.2 Intel Platform Update (IPU). All necessary updates will be issued along with the 2021.2 Intel Platform Update (IPU). Fujitsu PRIMERGY and PRIMEQUEST systems are not affected by Intel® Security Advisories INTEL-TA-00528 and INTEL-TA-00575.

Intel® Security Advisories INTEL-SA-00539, INTEL-SA-00563, INTEL-SA-00571, INTEL-SA-00581, INTEL-SA-00582, INTEL-SA-00593, INTEL-SA-00598, INTEL-SA-00604 and INTEL-SA-00609 are not part of this 2021.2 Intel Platform Update (IPU). The Fujitsu PSIRT already addressed these Intel® Security Advisories internally and will release Fujitsu PSIRT Security Notices, depending on the result of the final analysis.

Step 3: Preparation.

After downloading the .zip file, containing the ME Firmware Update Pack, extract all files/directories/subdirectories in the Firmware.ME directory (\Firmware.ME) of the .zip file to the desired directory on the hard drive.

Step 4: ME Update Procedure.

The "Firmware.ME" directory contains the ME update files which can be used in Windows environment. Run "update.bat" in Windows cmd environment with administrative privileges to start the ME flash procedure. Please choose 32-bit or 64-bit directory if using a Windows 32-bit or a Windows 64-bit installation.

NOTE:

To run the ME Update procedure using a Windows installation, it is necessary to have the Windows "HECI" driver installed. Please use the Intel® Active Management Technology (Intel® AMT) Driver Package for Windows.

To run the ME update procedure, using a Windows PE installation, it is necessary to have the Windows "HECI" driver installed. This can be done at runtime by executing "drvload.exe <path-to-HECI.INF>\HECI.INF". The "HECI" driver can be extracted from the Intel® Active Management Technology (Intel® AMT) Driver Package for Windows.