CVE-2018-12191: Buffer Overflow
First published: Thu Mar 14 2019(Updated: )
Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Converged Security Management Engine Firmware | >=11.0<11.8.60 | |
| Intel Converged Security Management Engine Firmware | >=11.10<11.11.60 | |
| Intel Converged Security Management Engine Firmware | >=11.20<11.22.60 | |
| Intel Converged Security Management Engine Firmware | >=12.0.0<12.0.20 | |
| Intel Server Platform Services Firmware | >=4.00.04.367<4.00.04.383 | |
| Intel Server Platform Services Firmware | >=4.01.00.152.0<4.01.02.174 | |
| Intel Trusted Execution Engine Firmware | >=3.0<3.1.60 | |
| Intel Trusted Execution Engine Firmware | >=4.0<4.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-12191?
CVE-2018-12191 is a vulnerability in the kernel subsystem in Intel CSME, Intel Server Platform Services, and Intel TXE that allows an unauthenticated user to potentially execute arbitrary code.
What software versions are affected by CVE-2018-12191?
The affected software versions include Intel CSME before 11.8.60, 11.11.60, 11.22.60, or 12.0.20; Intel Server Platform Services before 4.00.04.383 or SPS 4.01.02.174; and Intel TXE before 3.1.60 or 4.0.10.
How severe is CVE-2018-12191?
CVE-2018-12191 has a severity score of 7.6 (high).
Where can I find more information about CVE-2018-12191?
You can find more information about CVE-2018-12191 at the following references: [NetApp Security Advisory](https://security.netapp.com/advisory/ntap-20190318-0001/), [HPE Security Bulletin](https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us), [Intel Security Advisory](https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html).
How do I fix CVE-2018-12191?
To fix CVE-2018-12191, update your Intel CSME to version 11.8.60, 11.11.60, 11.22.60, or 12.0.20; update Intel Server Platform Services to version 4.00.04.383 or SPS 4.01.02.174; and update Intel TXE to version 3.1.60 or 4.0.10.
- collector/nvd-index
- agent/weakness
- vendor/intel
- canonical/intel converged security management engine firmware
- version/intel converged security management engine firmware/11.0
- version/intel converged security management engine firmware/11.10
- version/intel converged security management engine firmware/11.20
- version/intel converged security management engine firmware/12.0.0
- canonical/intel server platform services firmware
- version/intel server platform services firmware/4.00.04.367
- version/intel server platform services firmware/4.01.00.152.0
- canonical/intel trusted execution engine firmware
- version/intel trusted execution engine firmware/3.0
- version/intel trusted execution engine firmware/4.0