Forum Thread to report CSE SPS firmware updates #15

Closed
tk-wfischer opened this issue May 31, 2019 · 1 comment

tk-wfischer commented May 31, 2019

I have found an unknown CSE SPS version in the BIOS version 1.1a (X11SDV9.517) for the Supermicro X11SDV-4C-TP8F mainboard (download is https://www.supermicro.com/about/policies/disclaimer.cfm?SoftwareItemID=7720).

As there are only pinned/linked forum threads for CSME and TXE updates (at least there is no link for SPS updates in README.md) I hereby post this data in a GitHub issue (maybe you want to create a pinned/linked forum thread for SPS updates, too):

╔══════════════════════════════════════════╗
║         ME Analyzer v1.85.1 r163         ║
╚══════════════════════════════════════════╝

╔════════════════════════════════════════╗
║           X11SDV9.517 (1/1)            ║
╟─────────────────────────┬──────────────╢
║          Family         │   CSE SPS    ║
╟─────────────────────────┼──────────────╢
║         Version         │ 04.00.04.097 ║
╟─────────────────────────┼──────────────╢
║         Release         │  Production  ║
╟─────────────────────────┼──────────────╢
║           Type          │    Region    ║
╟─────────────────────────┼──────────────╢
║           SKU           │      3       ║
╟─────────────────────────┼──────────────╢
║         Chipset         │  LBG-H B,A   ║
╟─────────────────────────┼──────────────╢
║ Security Version Number │      3       ║
╟─────────────────────────┼──────────────╢
║  Version Control Number │      0       ║
╟─────────────────────────┼──────────────╢
║    Production Version   │     Yes      ║
╟─────────────────────────┼──────────────╢
║    OEM RSA Signature    │      No      ║
╟─────────────────────────┼──────────────╢
║     OEM Unlock Token    │      No      ║
╟─────────────────────────┼──────────────╢
║           Date          │  2019-02-02  ║
╟─────────────────────────┼──────────────╢
║    File System State    │  Configured  ║
╟─────────────────────────┼──────────────╢
║           Size          │   0x37E000   ║
╟─────────────────────────┼──────────────╢
║     Flash Image Tool    │ 04.00.04.097 ║
╟─────────────────────────┼──────────────╢
║     Chipset Support     │  Bakerville  ║
╚═════════════════════════╧══════════════╝

Note: This CSE SPS firmware was not found at the database, please report it!

[UPDATE]: This version 04.00.04.097 seems to be the fix for CVE-2019-0089 as the version before this (04.00.04.086) is listed in https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html like the following:

CVEID: CVE-2019-0089 [...] Description: Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions [...] and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Best regards,
Werner

@platomav
Owner

Hello Werner,

Thank you very much for using MEA and for the report. Feel free to post at the Intel Engine Firmware Repositories thread for (CS)SPS firmware as well.
