Dell Precision E7X10

Updating the system firmware improves performance.

Atom Feed

Version 1.31.3
2023-04-10 02:37:17

This stable release fixes the following issues:

  • This release contains security updates as disclosed in the Dell Security Advisories

Urgency critical
Reported Success 95% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.30.3
2022-12-21 03:03:48

Some new functionality has also been added:

Firmware updates to address security vulnerabilities.

Urgency critical
Reported Success 100% (medium confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.29.3
2022-11-16 07:59:14

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities including (Common Vulnerabilities and Exposures - CVE)

Urgency critical
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.28.3
2022-08-15 10:03:05

Some new functionality has also been added:

  • Firmware updates to address security vulnerabilities including

Urgency critical
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.27.3
2022-07-20 08:24:35

This stable release fixes the following issues:

  • Improved the stability of the system.

Urgency high
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.26.3
2022-05-30 04:31:56

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities including (Common Vulnerabilities and Exposures - CVE)

Urgency critical
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.25.3
2022-01-20 11:06:47

Some new functionality has also been added:

  • Firmware updates to address security vulnerabilities.

Urgency None
Reported Success 95% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.24.3
2021-11-24 08:38:03

This stable release fixes the following issues:

  • Firmware updates to address the Intel Security Advisory.
  • Firmware updates to address security vulnerabilities.

Urgency None
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2021-0157

    Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.23.3
2021-10-05 12:01:32

This stable release fixes the following issues:

  • Firmware updates to address security vulnerabilities.
  • Fixed the issue where the cursor lags or does not respond in the McAfee Drive Encryption software login screen.

Urgency critical
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.22.5
2021-08-03 08:40:00

This stable release fixes the following issues:

  • Firmware updates to address the Intel Security Advisory

No new functionality has also been added.

Urgency critical
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.21.3
2020-10-20 12:34:39

This stable release fixes the following issues:

  • Firmware updates to address security advisory.
  • Firmware updates to address the Intel Security Advisory.

Urgency critical
Reported Success 96% (medium confidence)
Fixed issues:
  • CVE-2020-0594

    Improper Input Validation (CWE-20) in IPv6 component when handling a packet sent by an unauthorized network attacker. An unauthorized network attacker can send a malicious request that can lead to out of bounds read on the target device. Intel obtained this CVE for CVE-2020-11899 , specific to their environment.

  • CVE-2020-0596

    Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0545

    Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2020-0540

    Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0539

    Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

  • CVE-2020-0538

    Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2020-0537

    Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access.

  • CVE-2020-0536

    Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0535

    Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0533

    Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

  • CVE-2020-0532

    Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

  • CVE-2020-0595

    Double Free (CWE-415) in IPv4 tunneling component when handling a packet. An unauthorized network attacker can use malicious packets that could lead to unexpected behavior of memory access that can be used to write or read values in arbitrary memory spaces. This is Intel's version of CVE-2020-11900

  • VU#257161

    Treck Inc.designs and distributes software for real-time operating systems (RTOS) customers worldwide. Treck's sofware provide essential TCP/IP networking capability to these devices. Security researchers from JSOF have discovered a number of vulnerabilities that can have an impact on devices that have adopted Treck's embedded software to cause unexpected behavior and possibly further exploit these devices for nefarious purposes.

  • CVE-2020-0531

    Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.20.3
2020-06-18 06:48:50

Important: - It is recommended not to downgrade the BIOS to versions before 1.6.6, due to downgrade restrictions.

  • Firmware updates to address Intel security advisory
  • Fixed a BIOS Setup configuration issue that occurs after clearing the CMOS.
  • Fixed the issue where the SMM Security Mitigation gets enabled when loading BIOS defaults.

Enhancements:

  • Updated the Embedded Controller Engine firmware.
  • Modified battery algorithm to prolong lifespan and minimize risk of swelling.

Urgency critical
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2019-14607

    Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

  • CVE-2019-11157

    Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.

  • CVE-2019-0185

    Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0154

    Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2019-0124

    Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11131

    Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

  • CVE-2019-11132

    Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.

  • CVE-2019-11086

    Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2019-11107

    Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

  • CVE-2019-11100

    Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2019-0166

    Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2019-0131

    Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

  • CVE-2019-11088

    Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2019-11101

    Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-11087

    Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

  • CVE-2019-0168

    Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0165

    Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2019-11090

    Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2019-11103

    Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-11104

    Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-11147

    Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-11108

    Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11106

    Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11105

    Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access.

  • CVE-2019-0169

    Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.19.3
2019-10-24 05:47:26

Enhancements

  • Updated the Embedded Controller Engine firmware.
  • Modified battery algorithm to prolong lifespan and minimize risk of swelling.

Urgency critical
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.18.5
2019-10-16 15:04:18

Fixes and Enhancements

  • Firmware updates to address security advisory INTEL-SA-00213
  • Firmware updates to address security advisories INTEL-SA-00233
  • Fixed the issue where the TPM setting may be unexpectedly enabled after loading the Custom User Settings in BIOS.
  • Fixed the issue where the Thunderbolt hard disk cannot be detected after setting Thunderbolt security level as No Security in BIOS setup menu.
  • Fixed the issue where the system boots to USB device directly, bypassing the password stage when an admin password is set.
  • Removed the Pre-Boot Intel RST Manager Optimized Defaults option.

Urgency critical
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2019-11091

    Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

  • CVE-2018-12130

    Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

  • CVE-2018-12127

    Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

  • CVE-2018-12126

    Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

  • CVE-2019-0096

    Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.

  • CVE-2019-0094

    Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access.

  • CVE-2019-0093

    Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0092

    Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2019-0091

    Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-0086

    Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.17.7
2019-06-03 09:47:12

Fixes - Fixed an issue with Secure Boot Option ROM Signature Verification.

  • Fixed the issue where a non-US language keyboard does not work in the Dell Data Protection Encryption environment.
  • Fixed the issue where the system cannot set hard drive password with Dell Client Configuration Toolkit.
  • Fixed the issue where the system stops responding at Dell logo, when connected to Dell TB16 due to BIOS settings.
  • Fixed the issue where the system does not support the DynBacklightctrl option in Dell Command | Configure.
  • Fixed the issue where the system loses its USB functionality when connected to Dell TB16 through Type-C port.
  • Fixed the issue where the Thunderbolt HDD functionality is lost when the DisplayPort dongle is reconnected to the Type-C port.
  • Fixed the issue where the Thunderbolt HDD functionality is lost when the system resumes from sleep mode.
  • Fixed the issue where the system supports Pre-boot Execution Environment (PXE) on next boot features.
  • Firmware updates to address security advisory INTEL-SA-00185

Enhancements:

  • Updated the Embedded Controller Engine firmware.

Urgency critical
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2018-12185

    Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

  • CVE-2018-12196

    Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access.

  • CVE-2018-12187

    Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access.

  • CVE-2018-12200

    Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access.

  • CVE-2018-12198

    Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access.

  • CVE-2018-12199

    Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.

  • CVE-2018-12192

    Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.

  • CVE-2018-12191

    Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

  • CVE-2018-12190

    Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2018-12188

    Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.16.3
2019-05-14 03:17:28

This stable release fixes the following issues:

  • Fixed system password that is not prompted when the system is booting with NVMe SSD.
  • Fixed Monitor webcam flickers/lags with type-C dock/dongle.
  • Fixed error during BIOS setting to trigger external audio device with no function issue.
  • Fixed Device Manager issue that displays wrong string with Switchable Graphics mode in not enabled mode.
  • Fixed Hard Disk Drive (HDD) password is bypassed after re-booting the system.
  • Fixed Video Controller incorrect display information.
  • Fixed errors during BIOS setting when attached to a USB Type-C device.
  • Fixed Wi-Fi not being enabled after removing the Dell WD15 in sleep mode.
  • Fixed unexpected software launches when type some keys fast or type multiple keys at once.
  • Fixed the TPM configuration on a TPM startup error during resuming from sleep mode.
  • Fixed a potential system hang issue when an incorrectly formatted password is entered at the BIOS Security Manager (BIOS pre-boot password) prompt.
  • Fixed PCR7 unable to bind on TPM 1.2 system with Windows 10 operating system.

Enhancements:

  • Supported selectable MAC address Pass-Through feature on docks.
  • Updated TPM clear behavior.
  • Updated CPU microcode to address security advisory Intel Security Advisory INTEL-SA-00115.
  • Added BIOS Password Feature: Master Password Lockout.
  • Updated Intel ME Firmware to address security advisories - INTEL-SA-00125, Intel-SA-00131 & INTEL-SA-00141
  • Updated Realtek USB LAN firmware.

Urgency critical
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2018-3616

    Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.

  • CVE-2018-3658

    Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

  • CVE-2018-3657

    Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

  • CVE-2018-3643

    A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.

  • CVE-2018-3655

    A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.

  • VU#180049

    CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

  • CVE-2018-3644
  • CVE-2018-3640

    Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

  • CVE-2018-3639

    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.15.4
2018-03-05 02:06:58

Urgency None
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 1.12.4
2017-05-17 06:13:39

Urgency None
Licenses
Security
Release Gating
Download Archive Firmware Details

LVFS © 2015 Richard Hughes with icons from Font Awesome and GeoIP data from IP2Location.

Linux Vendor Firmware Service Project a Series of LF Projects, LLC :: Charter