The Intel Management Engine (IME) has had its fair share of problems over the past year, and now four new exploitable bugs have popped up. Intel has released two advisories for the bugs— one addressing three of them, and the other addressing a single flaw.
The bugs all impact the IME in various ways. The solo advisory, which noted CVE-2018-3627, describes a logic bug that can “allow an attacker to execute arbitrary code via local privileged access.” While it does require privileged access, it’s rated as a 7.5 out of 10 in terms of severity.
Here are the affected CPUs and their resolved firmware versions:
- 6th Generation Intel Core Processor Family – Intel CSME 11.8.50
- 7th Generation Intel Core Processor Family – Intel CSME 11.8.50
- 8th Generation Intel Core Processor Family – Intel CSME 11.8.50
- Intel Xeon Processor E3-1200 v5 & v6 Product Family – Intel CSME 11.8.50
- Intel Xeon Processor W Family – Intel CSME 11.11.50