Support us on Patreon to keep GamingOnLinux alive. This ensures all of our main content remains free for everyone. Just good, fresh content! Alternatively, you can donate through PayPal. You can also buy games using our partner links for GOG and Humble Store.
We do often include affiliate links to earn us some pennies. See more here.

Intel chipsets have another security issue, this time it's 'unfixable'

By - | Views: 39,826

Researchers have uncovered a fun new vulnerability in Intel processors, and this one has a claim attached that it's not possible to fix it.Sound familiar? Yeah, there's been a lot of problems over at Intel in the last couple years. We reported on some back in January and it seems it's not getting any better.

This issue, found and reported by Positive Technologies, mentions CVE-2019-0090 which as the numbered year suggests was already announced last year. However, the plot thickens. If you have an Intel chipset and/or SoC older than the 10th Generation (so anything in the last few years), you will be affected by this.

Not something you can get a firmware update or an operating system patch to help with either, since it concerns the Converged Security and Management Engine (CSME). As written by the folks over at Positive Technologies:

We will provide more technical details in a full-length white paper to be published soon. We should point out that when our specialists contacted Intel PSIRT to report the vulnerability, Intel said the company was already aware of it (CVE-2019-0090). Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub (ISH). We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.

As you can see, it's not going to be the most practical for people to break into so you don't need to go and wildly panic right this second, since they would need some sort of physical and local access but it's still a damning look for Intel's processor security. To have something so severe that can only be fixed by replacing the entire hardware—ouch.

Do you currently have an Intel CPU and are you considering switching to AMD? Let us know in the comments. AMD aren't entirely secure themselves though, multiple past issues have also affected them.

Article taken from GamingOnLinux.com.
Tags: Security, Hardware
13 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. Find me on Mastodon.
See more from me
Some you may have missed, popular articles from the last month:
The comments on this article are closed.
49 comments
Page: 1/5»
  Go to:

coeseta Mar 6, 2020
View PC info
I went from my Intel core i7 3770k to AMD Ryzen 3700x one month ago. I am quiet happy with the new Hardware :)
da_habakuk Mar 6, 2020
View PC info
still rocking my
"Intel(R) Xeon(R) CPU E3-1231 v3"
aka
"bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit".

at the time of buying this, there was simply no good AMD cpu around.

im too old for the upgrade game. but my next cpu will be a ryzen - thats for sure. competition is always good for us consumers!

but i dont think they are more secure - intels market share is so much higher... of course research will be done there first.

like windows - if apple or linux had the same widespread desktop usage as windows, it wouldnt look any better for them :)


Last edited by da_habakuk on 6 March 2020 at 1:32 pm UTC
dpanter Mar 6, 2020
View PC info
  • Mega Supporter
This is major security bug number... what? I can't keep track of this madness any more.

Next system is AMD, probably Ryzen. Simple as that.
rkfg Mar 6, 2020
View PC info
Why do you think AMD is more secure? Sure, their CPUs/chipsets don't have these exact Intel technologies but they have other things that might be vulnerable. Also, many of those CPU data leaks were not Intel-specific.
SirLootALot Mar 6, 2020
View PC info
To protect your privacy, external media requires approval to load. Source: media1.tenor.com
View cookie preferences.
Accept & Show Accept All & Don't show this again   Direct Link
Pikolo Mar 6, 2020
I'm mostly going for AMD because they have an integrated GPU good enough to avoid Nvidia.
soulsource Mar 6, 2020
View PC info
Quoting: rkfgWhy do you think AMD is more secure? Sure, their CPUs/chipsets don't have these exact Intel technologies but they have other things that might be vulnerable. Also, many of those CPU data leaks were not Intel-specific.

I'll just leave this here: https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor
gojul Mar 6, 2020
View PC info
Have a Core i7 4790. My next rig in 2-3 years will be AMD.
da_habakuk Mar 6, 2020
View PC info
Quoting: soulsource
Quoting: rkfgWhy do you think AMD is more secure? Sure, their CPUs/chipsets don't have these exact Intel technologies but they have other things that might be vulnerable. Also, many of those CPU data leaks were not Intel-specific.

I'll just leave this here: https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor

thats why open hardware would be the way to go. but would that work in capitalism ?
what about china clones?
sue a company in russia or china for selling open-hardware designs made by others under their own name?
what would a company like intel or amd do?
Creak Mar 6, 2020
View PC info
  • Supporter Plus
Quoting: soulsource
Quoting: rkfgWhy do you think AMD is more secure? Sure, their CPUs/chipsets don't have these exact Intel technologies but they have other things that might be vulnerable. Also, many of those CPU data leaks were not Intel-specific.

I'll just leave this here: https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor
To be fair, I'm pretty sure Intel must also have a division dedicated to the security of their CPUs too. I'm not convinced AMD CPUs are flawless, it's just that they get less researches since they have less market shares (especially on the servers). Though I'm definitely glad to go full AMD on my machine right now :D


Last edited by Creak on 6 March 2020 at 2:03 pm UTC
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.
★ Support Us
Popular this week
Search or view by category
Contact
Latest Comments
Latest Forum Posts
Misc