CVE-2020-0545: Integer Overflow
First published: Mon Jun 15 2020(Updated: )
Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Converged Security Management Engine Firmware | >=11.0<11.8.77 | |
| Intel Converged Security Management Engine Firmware | >=11.10<11.12.77 | |
| Intel Converged Security Management Engine Firmware | >=11.20<11.22.77 | |
| Intel Server Platform Services | >=sps_e3_04.00.00.000.0<sps_e3_04.01.04.109.0 | |
| Intel Server Platform Services | >=sps_e3_04.08.00.000.0<sps_e3_04.08.04.070.0 | |
| Intel Server Platform Services | >=sps_e5_04.00.00.000.0<sps_e5_04.01.04.380.0 | |
| Intel Server Platform Services | >=sps_soc-a_04.00.00.000.0<sps_soc-a_04.00.04.211.0 | |
| Intel Server Platform Services | >=sps_soc-x_04.00.00.000.0<sps_soc-x_04.00.04.128.0 | |
| Intel Trusted Execution Engine | >=3.0<3.1.75 | |
| Intel Trusted Execution Engine | >=4.0<4.0.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10321
- https://security.netapp.com/advisory/ntap-20200611-0006/
- https://support.lenovo.com/de/en/product_security/len-30041
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-0545.
What is the severity of CVE-2020-0545?
The severity of CVE-2020-0545 is medium with a severity score of 4.4.
Which software versions are affected by CVE-2020-0545?
Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, Intel(R) TXE versions before 3.1.75, 4.0.25, and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0 are affected by CVE-2020-0545.
How can I fix CVE-2020-0545?
Apply the latest security patch or update provided by Intel to fix CVE-2020-0545.
Where can I find more information about CVE-2020-0545?
More information about CVE-2020-0545 can be found at the following references: [Link 1](https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf), [Link 2](https://kc.mcafee.com/corporate/index?page=content&id=SB10321), [Link 3](https://security.netapp.com/advisory/ntap-20200611-0006/).
- collector/nvd-index
- vendor/intel
- canonical/intel converged security management engine firmware
- version/intel converged security management engine firmware/11.0
- version/intel converged security management engine firmware/11.10
- version/intel converged security management engine firmware/11.20
- canonical/intel server platform services
- version/intel server platform services/sps_e3_04.00.00.000.0
- version/intel server platform services/sps_e3_04.08.00.000.0
- version/intel server platform services/sps_e5_04.00.00.000.0
- version/intel server platform services/sps_soc-a_04.00.00.000.0
- version/intel server platform services/sps_soc-x_04.00.00.000.0
- canonical/intel trusted execution engine
- version/intel trusted execution engine/3.0
- version/intel trusted execution engine/4.0