Researchers from Positive Technologies
The vulnerability stems from a bug in the hardware and in the Intel CSME firmware that resides in the boot ROM, which means it cannot be fixed in devices already in use. Because there is a window during an Intel CSME restart (for example, when resuming from sleep mode), DMA manipulation makes it possible to write data into Intel CSME static memory and modify already-initialized Intel CSME memory page tables in order to intercept execution, retrieve the platform key, and gain control over the generation of encryption keys for Intel CSME modules. Details of exploiting the vulnerability are planned for publication later.
In addition to extracting the key, the bug also allows code to be executed at privilege level zero
Possible consequences of obtaining the platform root key include forging the firmware of Intel CSME components, compromising storage-media encryption systems based on Intel CSME, and forging EPID identifiers (
It is noted that the platform root key is stored in encrypted form, and complete compromise additionally requires determining the hardware key stored in SKS (Secure Key Storage). That key is not unique: it is the same for every chip within a given generation of Intel chipsets. Since the bug allows code execution at a stage before the key-generation mechanism in SKS is locked, it is predicted that sooner or later this hardware key will be determined.
Source: opennet.ru