Fujitsu Communication

Original release:	August 14, 2024
Last update:	January 16, 2025
Fujitsu PSIRT ID:	FJ-ISS-2024-050711

Advisory Description

INTEL-SA-00999: 2024.3 IPU - Intel® Chipset Firmware (CSME, AMT, ISM) Advisory

Potential vulnerabilities in the Intel® Converged Security Management Engine (Intel® CSME), Intel® Active Management Technology (Intel® AMT) and Intel® Standard Manageability (Intel® ISM) may allow a denial of service, information disclosure or an escalation of privilege. The detailed description of the vulnerabilities is as follows:

• CVE-2023-40067: Unchecked return value in firmware for some Intel® CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
• CVE-2023-35061: Improper initialization for the Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
• CVE-2023-48361: Improper initialization in firmware for some Intel® CSME may allow a privileged user to potentially enable information disclosure via local access.
• CVE-2024-21844: Integer overflow in firmware for some Intel® CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.
• CVE-2023-34424: Improper input validation in firmware for some Intel® CSME may allow a privileged user to potentially enable denial of service via local access.
• CVE-2023-38655: Improper buffer restrictions in firmware for some Intel® AMT and Intel® Standard Manageability (Intel® ISM) may allow a privileged user to potentially enable denial of service via network access.

Intel informed, that regarding CVE-2023-35061 system-level problem description, the mitigation is deployed via firmware update.

Potential Impact: According to the information provided the potential impact of INTEL-SA-00999 is:
Denial of Service, Information Disclosure, Privilege Escalation

INTEL-SA-01083: 2024.3 IPU - Intel® SMI Transfer Monitor (MC) Advisory

A potential vulnerability in Intel® SMI Transfer Monitor (STM) may allow an escalation of privilege. The detailed description of the vulnerability is as follows:

• CVE-2024-24853: Incorrect behavior order in transition between executive monitor and SMI Transfer Monitor (STM) in some Intel® Processor may allow a privileged user to potentially enable escalation of privilege via local access.

Customers may please refer to the original 2024.3 IPU - Intel® SMI Transfer Monitor Advisory as well as the Intel® Microcode Update Guidance document, to inform themselves on the microcode update (MCU) process in connection with this Intel PSIRT Security Advisory.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01083 is:
Privilege Escalation

INTEL-SA-01100: 2024.3 IPU - Intel® Xeon® Processor (MC) Advisory

A potential vulnerability in some 3rd, 4th, and 5th Generation Intel® Xeon® Processors may allow an escalation of privilege. The detailed description of the vulnerability is as follows:

• CVE-2024-24980: Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel® Xeon® Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Customers may please refer to the original 2024.3 IPU - Intel® Xeon® Processor Advisory as well as the Intel® Microcode Update Guidance document, to inform themselves on the microcode update (MCU) process in connection with this Intel PSIRT Security Advisory.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01100 is:
Privilege Escalation

INTEL-SA-01118: 2024.3 IPU - Intel® Xeon® Scalable Processor (MC) Advisory

A potential vulnerability in some 3rd Generation Intel® Xeon® Scalable Processors may allow a denial of service. The detailed description of the vulnerability is as follows:

• CVE-2024-25939: Mirrored regions with different values in 3rd Generation Intel® Xeon® Scalable Processors may allow a privileged user to potentially enable denial of service via local access.

Customers may please refer to the original 2024.3 IPU - Intel® Xeon® Scalable Processor Advisory as well as the Intel® Microcode Update Guidance document, to inform themselves on the microcode update (MCU) process in connection with this Intel PSIRT Security Advisory.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01118 is:
Denial of Service

INTEL-SA-01071: 2024.3 IPU – Intel® Firmware (BIOS) Advisory

Potential vulnerabilities in the BIOS firmware for some Intel® Processors may allow a denial of service, information disclosure or an escalation of privilege. The detailed description of the vulnerabilities is as follows:

• CVE-2024-23599: Race condition in Seamless Firmware Updates for some Intel® reference platforms may allow a privileged user to potentially enable denial of service via local access.
• CVE-2024-21871: Improper input validation in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
• CVE-2023-43626: Improper access control in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
• CVE-2023-42772: Untrusted pointer dereference in UEFI firmware for some Intel® reference processors may allow a privileged user to potentially enable escalation of privilege via local access.
• CVE-2024-21829: Improper input validation in UEFI firmware error handler for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
• CVE-2024-21781: Improper input validation in UEFI firmware for some Intel® Processors may allow a privileged user to enable information disclosure or denial of service via local access.
• CVE-2023-41833: A race condition in UEFI firmware for some Intel® processors may allow a privileged user to potentially enable escalation of privilege via local access.
• CVE-2023-23904: NULL pointer dereference in the UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
• CVE-2023-22351: Out-of-bounds write in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
• CVE-2023-43753: Improper conditions check in some Intel® Processors with Intel® Software Guard Extensions (Intel® SGX) may allow a privileged user to potentially enable information disclosure via local access.
• CVE-2023-25546: Out-of-bounds read in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable denial of service via local access.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01071 is:
Denial of Service, Information Disclosure, Privilege Escalation

INTEL-SA-01097: 2024.3 IPU - Intel® Processor (MC) Advisory

A potential vulnerability in some Intel® Processors may allow a denial of service. The detailed description of the vulnerability is as follows:

• CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel® Processors may allow an privileged user to potentially enable a denial of service via local access.

Customers may please refer to the original 2024.3 IPU - Intel® Processor Advisory as well as the Intel® Microcode Update Guidance document, to inform themselves on the microcode update (MCU) process in connection with this Intel PSIRT Security Advisory.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01097 is:
Denial of Service

INTEL-SA-01103: 2024.3 IPU - Intel® Processor RAPL Interface (MC) Advisory

A potential vulnerability in the Running Average Power Limit (RAPL) interface for some Intel® Processors may allow information disclosure. The detailed description of the vulnerability is as follows:

• CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access.

The audience may please refer to further publications by manufacturer Intel® on the 2024.3 IPU - Intel® Processor RAPL Interface (MC) Advisory, such as the corresponding article Intel® Running Average Power Limit Energy Reporting [Technical Paper], for additional details about Running Average Power Limit (RAPL).

Customers may please refer to the original 2024.3 IPU - Intel® Processor RAPL Interface Advisory as well as the Intel® Microcode Update Guidance document, to inform themselves on the microcode update (MCU) process in connection with this Intel PSIRT Security Advisory.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01103 is:
Information Disclosure

INTEL-SA-01079: 2024.3 IPU - Intel® Xeon® Processor with Intel® SGX (MC) Advisory

Potential vulnerabilities in some Intel® Xeon® processors using Intel® Software Guard Extensions (Intel® SGX) may allow an escalation of privilege. The detailed description of the vulnerabilities is as follows:

• CVE-2024-23918: Improper conditions check in some Intel® Xeon® processor memory controller configurations when using Intel® SGX may allow a privileged user to potentially enable escalation of privilege via local access.
• CVE-2024-21820: Incorrect default permissions in some Intel® Xeon® processor memory controller configurations when using Intel® SGX may allow a privileged user to potentially enable escalation of privilege via local access.

Intel informed, that a SGX and TDX TCB recovery is required and planned for November 2024, and that Intel document Intel® Trusted Computing Base Recovery Attestation was updated with technical details.

Customers may please refer to the original 2024.3 IPU - Intel® Xeon® Processor with Intel® SGX Advisory as well as the Intel® Microcode Update Guidance document, to inform themselves on the microcode update (MCU) process in connection with this Intel PSIRT Security Advisory.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01079 is:
Privilege Escalation

2024.3 IPU – Intel® Processor Microcode (MC) Updates (MCU)

Additionally, multiple functional updates took place in Intel® Processor Microcode (MC), affecting several products / architectures, referring to:

• Microcode minimum runtime update revision: Beginning with Linux kernel 5.19, Linux will no longer enable runtime loading of Microcode updates by default. This update provides the patch rev. ID in header so Linux can load patches. (Brickland, Grangeville, Grantley, Grantley-Refresh)
• Detecting and dropping spurious C6 entry request: An issue where during C6 exit flow, two Power Management messages sent at the same cycle arrive to PCU with some offset to one another, but are susceptible to an arrival window timeout, causing an unwanted C6 request, potentially with a hang. The update corrects for this issue. (Idaville, Whitley)
• TECRA register monitoring is disabled for non-SGX systems (non-confidential computer systems): An optional feature where confidential compute runtime detection of certain register modulations is detected, is disabled for customers not using SGX. (Idaville, Whitley)
• BMC PECI address to register 0x00 results in different value compared to PCICfg command to the same address: PCH PCIe endpoint registers are not exposed for read via PECI – contrary to customers' expectation. This update exposes for read PCH PCIe endpoint registers that are described in EDS supplied. (Jacobsville)
• Error when reading Processor Event Based Sampling (PEBS) from L3 cache: When PEBS (Process Event Based Sampling) is enabled, the Microcode Space extension infrastructure may cause the data linear address captured in PEBS records to be incorrect. Updated uCode repairs the issue. (Brickland, Grangeville, Grantley, Grantley-Refresh)
• VMEXIT on CPL3->CPL0 does not unwind PL3_SSP: uCode optimizations to avoid unnecessary jumps in flow. (Tiger Lake B)
• VME path setting incorrect VMExit: VMEXIT_INTR_INFO_AND_ERROR_CODE was incorrectly removed in VME event flow. This can result in incorrect vmexit information logged on an exit, due to a nested fault. (Alder Lake, Alder Lake N, Amston Lake, Arizona Beach, Raptor Lake)
• CPUID topology leaves reporting incorrect value when in static lockstep: Repairing a misbehavior where CPUID.0x1F.1.ebx[15:0] is expected, to report same value always irrespective of the mode of the machine, but reports wrong value while executed inside static lock step mode (LSM). (Raptor Lake)
• Enhanced Thermal Velocity Boost (eTVB) may miscalculate frequency limits: Correcting an incorrect frequency limit calculation, which may allow the processor to operate at a high frequency state at a high temperature. (Raptor Lake, Raptor Lake Refresh)

There were no additional CVEs assigned to these FUNCTIONAL updates.

Reference(s) (INTEL-SA-00999, INTEL-SA-01083, INTEL-SA-01100, INTEL-SA-01118, INTEL-SA-01071, INTEL-SA-01097, INTEL-SA-01103, INTEL-SA-01079)

The description of the vulnerabilities is as follows:

CVE ID	CVSS Score	ARF Score	EPSS Score
CVE-2023-40067	Medium (5.7)	High (5)	Low (0.04%)
CVE-2023-35061	Medium (4.3)	High (5)	~ Low (0.20%)
CVE-2023-48361	Low (2.3)	High (5)	Low (0.04%)
CVE-2024-21844	Medium (4.3)	High (5)	Low (0.04%)
CVE-2023-34424	Medium (4.4)	High (5)	Low (0.04%)
CVE-2023-38655	Medium (6.8)	High (5)	Low (0.04%)

The description of the vulnerability is as follows:

CVE ID	CVSS Score	ARF Score	EPSS Score
CVE-2024-24853	High (7.2)	High (5)	Low (0.04%)

The description of the vulnerability is as follows:

CVE ID	CVSS Score	ARF Score	EPSS Score
CVE-2024-24980	Medium (6.1)	High (5)	Low (0.04%)

The description of the vulnerability is as follows:

CVE ID	CVSS Score	ARF Score	EPSS Score
CVE-2024-25939	Medium (6.0)	High (5)	Low (0.04%)

The description of the vulnerabilities is as follows:

CVE ID	CVSS Score	ARF Score	EPSS Score
CVE-2024-23599	High (7.9)	High (5)	Low (0.04%)
CVE-2024-21871	High (7.5)	High (5)	Low (0.04%)
CVE-2023-43626	High (7.5)	High (5)	Low (0.04%)
CVE-2023-42772	High (8.2)	High (5)	Low (0.04%)
CVE-2024-21829	High (7.5)	High (5)	Low (0.04%)
CVE-2024-21781	High (7.2)	High (5)	Low (0.04%)
CVE-2023-41833	High (7.5)	High (5)	Low (0.04%)
CVE-2023-23904	Medium (6.1)	High (5)	Low (0.04%)
CVE-2023-22351	Medium (6.1)	High (5)	Low (0.04%)
CVE-2023-43753	Medium (5.3)	High (5)	Low (0.04%)
CVE-2023-25546	Low (2.5)	High (5)	Low (0.04%)

The description of the vulnerability is as follows:

CVE ID	CVSS Score	ARF Score	EPSS Score
CVE-2024-24968	Medium (5.3)	High (5)	Low (0.04%)

The description of the vulnerability is as follows:

CVE ID	CVSS Score	ARF Score	EPSS Score
CVE-2024-23984	Medium (5.3)	High (5)	Low (0.04%)

The description of the vulnerabilities is as follows:

CVE ID	CVSS Score	ARF Score	EPSS Score
CVE-2024-23918	High (8.8)	High (5)	Low (0.04%)
CVE-2024-21820	High (7.2)	High (5)	Low (0.04%)

Links for Technical Details

Technical details of the potential vulnerabilities and functional issues are documented online:
https://security-center.intel.com

Affection and Remediation

Affected Fujitsu Products

A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute updates for all affected products that are currently supported. Older systems that are no longer supported will not be updated.

A List of affected Fujitsu products (APL) on the affected Client Computing Devices (CELSIUS, ESPRIMO, FUTRO, LIFEBOOK, STYLISTIC), Server products (PRIMERGY and PRIMEQUEST), Storage products (ETERNUS), Solutions (PRIMEFLEX), Server BS2000 products (SE, AU) and Implementation Services (AIS) can be found here:
List of affected Fujitsu products (APL)

This Fujitsu PSIRT security advisory and the list of affected Fujitsu products will be updated as soon as new information is available.

NOTE:
Intel® security advisories INTEL-SA-01010, INTEL-SA-01070, INTEL-SA-01073, INTEL-SA-01088, INTEL-SA-01089, INTEL-SA-01095, INTEL-SA-01102, INTEL-SA-01128 and INTEL-SA-001164 are not part of this 2024.3 Intel Platform Update (IPU). The Fujitsu PSIRT already addressed these Intel® security advisories internally and will release Fujitsu PSIRT security notices, depending on the result of the final analysis.

Recommended Steps for Remediation

Remediation via BIOS Update
Step 1: Determine whether system is affected

• Refer to the list of affected Fujitsu products (APL). This list is updated regularly.
  Before proceeding, please check the expected availability of the relevant BIOS update package.

Step 2: Download the BIOS update package

• To download the BIOS update package, please go to the Fujitsu Technical Support page and follow these steps:
• • Select "Select a new Product" [button]
• • Select "Browse for product"
• • Select "product line"
• • Select "product group" and "product family"
• • Select "OS Independent (BIOS, Firmware, etc.) [drop-down list]"
• • Check "Important information" and/or "Installation description"
• • Download the latest BIOS update package

Step 3: Preparation & BIOS update procedure

• Content extraction and update execution are system dependent. The BIOS update package usually contains an EfiFlashEfiUsage.txt, ReleaseNote.txt or ReadMe.txt file with further specific instructions for the BIOS update. Please follow these instructions to commence the firmware update.

NOTE:
Most Client Computing Device BIOS update packages are capable of commencing the CSME update as a capsule update. For this purpose, Deskflash runs the CSME update, from the Fujitsu BIOS Admin Pack, using a "BUP" file in the context of the underlying BIOS update.

Remediation via Management Engine (CSME) Update
Updating the CSME firmware is an alternative to updating the BIOS and used when a BIOS update is not planned. However, it may only be available for some specific Client Computing Devices.

Step 1: Determine whether system is affected

• Refer to the list of affected Fujitsu products (APL). This list is updated regularly.
  Before proceeding, please check the expected availability of the relevant CSME update package.

Step 2: Download the CSME update package

• To download the CSME update package, please go to the Fujitsu Technical Support page and follow these steps:
• • Select "Select a new Product" [button]
• • Select "Browse for product"
• • Select "product line"
• • Select "product group" and "product family"
• • Select "OS Independent (BIOS, Firmware, etc.) [drop-down list]"
• • Check "Important information" and/or "Installation description"
• • Download the latest CSME update package

Step 3: Preparation & BIOS update procedure

• After CSME Firmware update package download, extract all contents of the "Firmware.ME" directory for Windows, to the desired directory on the destination hard drive. Then run "update.bat" in Windows cmd.exe, with administrative privileges, to start the CSME flash procedure (32-bit or 64-bit).

NOTE:
To run the CSME update procedure, using a Windows installation, it is necessary to have the Windows "HECI" driver installed. Please use the Intel® Active Management Technology (Intel® AMT) Driver package for Windows. In Windows PE, this can be done at runtime by executing "drvload.exe <path-to-HECI.INF>\HECI.INF", to extract the "HECI" driver from the Intel® AMT Driver package.

Links for Software Security Updates

Vendor Fujitsu
security.ts.fujitsu.com

Vendor Intel
security-center.intel.com

Further Information

Contact Details

Should you require any further support on product security, please contact: Fujitsu-PSIRT@ts.fujitsu.com.

Legal Statement

Fujitsu does not manufacture the affected microprocessors, that Fujitsu buys from third party suppliers and integrates into its products. Therefore, this communication is based on the information and recommendations Fujitsu has received from the third party suppliers of the affected microprocessors.

Fujitsu does not warrant that this communication is applicable or complete for all customers and all situations. Fujitsu recommends that customers determine the applicability of this communication to their individual situation and take appropriate measures. Fujitsu is not liable for any damages or other negative effects, resulting from customers' use of this communication. All details of this communication are provided "as is" without any warranty or guarantee. Fujitsu reserves the right to change or update this communication at any time.

Websites of other companies referred to in this communication are the sole responsibility of such other companies. Fujitsu does not assume any liability with respect to any information and materials provided by its suppliers, including on such websites.

Designations may be protected by trademarks and/or copyrights of Fujitsu or the respective owners, the use of which by third parties for their own purposes may infringe the rights of such owners.