Fujitsu PSIRT — Security Advisories (2025)

2025.1 INTEL PLATFORM UPDATE (IPU)
Intel 2025.1 IPU covering Intel® Chipset Firmware (CSME, AMT & ISM) updates, Intel® Firmware (BIOS) updates, Intel® Processor Microcode (MC) updates


Fujitsu Communication

Original release: February 12, 2025
Last update: N/A
Fujitsu PSIRT ID: FJ-ISS-2024-092000


Advisory Description

INTEL-SA-01152: 2025.1 IPU - Intel® Chipset Firmware (CSME, AMT, ISM) Advisory

Potential vulnerabilities in the Intel® Converged Security and Management Engine (Intel® CSME), Intel® Active Management Technology (Intel® AMT) and Intel® Standard Manageability (Intel® ISM) may allow a denial of service, information disclosure or an escalation of privilege. The detailed description of the vulnerabilities is as follows:

  • CVE-2024-38307: Improper input validation in the firmware for some Intel® AMT and Intel® Standard Manageability (Intel® ISM) may allow an authenticated user to potentially enable denial of service via network access.
  • CVE-2024-30211: Improper access control in some Intel® ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
  • CVE-2024-26021: Improper initialization in the firmware for some Intel® AMT and Intel® Standard Manageability (Intel® ISM) may allow a privileged user to potentially enable information disclosure via local access.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01152 is:
Denial of Service, Information Disclosure, Privilege Escalation

INTEL-SA-01139: 2025.1 IPU - Intel® Firmware (BIOS) Advisory

Potential vulnerabilities in the BIOS firmware for some Intel® Processors may allow a denial of service, information disclosure or an escalation of privilege. The detailed description of the vulnerabilities is as follows:

  • CVE-2023-43758: Improper input validation in UEFI firmware for some Intel® processors may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2023-34440: Improper input validation in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2024-24582: Improper input validation in XmlCli feature for UEFI firmware for some Intel® processors may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2024-29214: Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2024-28127: Improper input validation in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2024-39279: Insufficient granularity of access control in UEFI firmware in some Intel® processors may allow an authenticated user to potentially enable denial of service via local access.
  • CVE-2024-31157: Improper initialization in UEFI firmware OutOfBandXML module in some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access.
  • CVE-2024-28047: Improper input validation in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access.

Intel has stated that the microcode released to mitigate CVE-2024-39279 is OS-loadable for Whitley and Eagle Stream platforms.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01139 is:
Denial of Service, Information Disclosure, Privilege Escalation

INTEL-SA-01213: 2025.1 IPU - Intel® [Processor] SGX (MC) Advisory

A potential vulnerability in some Intel® Software Guard Extensions (Intel® SGX) platforms may allow a denial of service. The detailed description of the vulnerability is as follows:

  • CVE-2024-36293: Improper access control in the EDECCSSA user leaf function for some Intel® Processors with Intel® SGX may allow an authenticated user to potentially enable denial of service via local access.

Customers are asked to refer to the original 2025.1 IPU - Intel® [Processor] SGX Advisory and to the Intel® Microcode Update Guidance document for information on the microcode update (MCU) process in connection with this Intel PSIRT Security Advisory.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01213 is:
Denial of Service

INTEL-SA-01228: 2025.1 IPU - Intel® 13/14th Gen. Core™ Processor (MC) Advisory

A potential vulnerability in some 13th and 14th Generation Intel® Core™ processors may allow a denial of service. The detailed description of the vulnerability is as follows:

  • CVE-2024-39355: Improper handling of physical or environmental conditions in some Intel® Processors may allow an authenticated user to enable denial of service via local access.

Customers are asked to refer to the original 2025.1 IPU - Intel® 13/14th Gen. Core™ Processor Advisory and to the Intel® Microcode Update Guidance document for information on the microcode update (MCU) process in connection with this Intel PSIRT Security Advisory.

Potential Impact: According to the information provided the potential impact of INTEL-SA-01228 is:
Denial of Service

2025.1 IPU - Intel® Processor Microcode (MC) Updates (MCU)

Additionally, Intel® Processor Microcode (MC) received multiple functional updates affecting several products and architectures:

  • IERR occurs when doing OS system reset during graceful shutdown: When setting a new PCIe configuration for RKL Tatlow, IERR occurs at OS system reset during graceful shutdown. Failure occurs once every 24 hours. MCU fix is to skip the timeout check to prevent Machine Check. (Rocket Lake (A0671), Tatlow (A0671))
  • Feature PCS88 needed to debug PCU.DISPATCHER_RUN_BUSY_TIMEOUT(0xba000000b0000402) issue: Added debug feature, PCS88, as requested by customer to support debug requests to PCU.DISPATCHER_RUN_BUSY_TIMEOUT(0xba000000b0000402). (Ice Lake SP (606A6))

There were no additional CVEs assigned to these FUNCTIONAL updates.

Reference(s) (INTEL-SA-01152, INTEL-SA-01139, INTEL-SA-01213, INTEL-SA-01228)

INTEL-SA-01152: 2025.1 IPU - Intel® Chipset Firmware (CSME, AMT, ISM) Advisory
The description of the vulnerabilities is as follows:
CVE ID          CVSS Score    PCRSS (ARF) Score  EPSS Score
CVE-2024-38307  High (7.7)    High (5)           ~ Low (0.15%)
CVE-2024-30211  Medium (6.0)  High (5)           ~ Low (0.04%)
CVE-2024-26021  Low (2.3)     High (5)           ~ Low (0.04%)

INTEL-SA-01139: 2025.1 IPU - Intel® Firmware (BIOS) Advisory
The description of the vulnerabilities is as follows:
CVE ID          CVSS Score    PCRSS (ARF) Score  EPSS Score
CVE-2023-43758  High (8.2)    High (5)           ~ Low (0.10%)
CVE-2023-34440  High (7.5)    High (5)           ~ Low (0.10%)
CVE-2024-24582  High (7.5)    High (5)           ~ Low (0.10%)
CVE-2024-29214  High (7.5)    High (5)           ~ Low (0.10%)
CVE-2024-28127  High (7.5)    High (5)           ~ Low (0.10%)
CVE-2024-39279  High (6.5)    High (5)           ~ Low (0.04%)
CVE-2024-31157  High (5.3)    High (5)           ~ Low (0.04%)
CVE-2024-28047  Medium (5.3)  High (5)           ~ Low (0.04%)

INTEL-SA-01213: 2025.1 IPU - Intel® [Processor] SGX (MC) Advisory
The description of the vulnerabilities is as follows:
CVE ID          CVSS Score    PCRSS (ARF) Score  EPSS Score
CVE-2024-36293  Medium (6.5)  High (5)           ~ Low (0.05%)

INTEL-SA-01228: 2025.1 IPU - Intel® 13/14th Gen. Core™ Processor (MC) Advisory
The description of the vulnerability is as follows:
CVE ID          CVSS Score    PCRSS (ARF) Score  EPSS Score
CVE-2024-39355  Medium (6.5)  High (5)           ~ Low (0.05%)
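
Added example (not part of the Fujitsu advisory): a short Python script that reads the score rows from the reference tables above into records, flags rows whose printed severity label differs from the band the CVSS qualitative scale gives the numeric score, and orders the CVEs for patch scheduling. The function names and the ordering rule (CVSS first, EPSS as tie-breaker) are assumptions of this example.

```python
import re
# Score rows copied from the advisory's reference tables, under their Intel advisory IDs.
TABLES = """\
INTEL-SA-01152
CVE-2024-38307 High (7.7) High (5) ~ Low (0.15%)
CVE-2024-30211 Medium (6.0) High (5) ~ Low (0.04%)
CVE-2024-26021 Low (2.3) High (5) ~ Low (0.04%)
INTEL-SA-01139
CVE-2023-43758 High (8.2) High (5) ~ Low (0.10%)
CVE-2023-34440 High (7.5) High (5) ~ Low (0.10%)
CVE-2024-24582 High (7.5) High (5) ~ Low (0.10%)
CVE-2024-29214 High (7.5) High (5) ~ Low (0.10%)
CVE-2024-28127 High (7.5) High (5) ~ Low (0.10%)
CVE-2024-39279 High (6.5) High (5) ~ Low (0.04%)
CVE-2024-31157 High (5.3) High (5) ~ Low (0.04%)
CVE-2024-28047 Medium (5.3) High (5) ~ Low (0.04%)
INTEL-SA-01213
CVE-2024-36293 Medium (6.5) High (5) ~ Low (0.05%)
INTEL-SA-01228
CVE-2024-39355 Medium (6.5) High (5) ~ Low (0.05%)
"""
ROW = re.compile(r"(CVE-\d{4}-\d+)\s+(\w+)\s+\((\d+\.\d)\)\s+\w+\s+\(\d+\)\s+~\s+\w+\s+\((\d+\.\d+)%\)")

def cvss_band(score):
    # Qualitative severity rating scale shared by CVSS v3.x and v4.0.
    bands = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"))
    return next((name for floor, name in bands if score >= floor), "None")

def parse(text):
    records, advisory = [], None
    for line in text.splitlines():
        if line.startswith("INTEL-SA-"):
            advisory = line.strip()
        elif (m := ROW.match(line)):
            cve, label, cvss, epss = m.groups()
            records.append(dict(advisory=advisory, cve=cve, label=label, cvss=float(cvss), epss=float(epss)))
    return records

def label_mismatches(records):
    # Rows whose printed label is not the band the numeric score falls in.
    return [r["cve"] for r in records if r["label"] != cvss_band(r["cvss"])]

def patch_order(records):
    # Highest CVSS first, then EPSS, then CVE ID for a stable order.
    return sorted(records, key=lambda r: (-r["cvss"], -r["epss"], r["cve"]))

if __name__ == "__main__":
    print("label/score mismatches:", label_mismatches(parse(TABLES)))
    print("patch order:", [r["cve"] for r in patch_order(parse(TABLES))])
```

Rows reported as mismatches are worth checking against the original Intel advisory before the label or the number is used for prioritisation.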

Links for Technical Details

Technical details of the potential vulnerabilities and functional issues are documented online:
https://security-center.intel.com


Affection and Remediation

Affected Fujitsu Products

A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute updates for all affected products that are currently supported. Older systems that are no longer supported will not be updated.

A list of affected Fujitsu products (APL), covering the affected Client Computing Devices (CELSIUS, ESPRIMO, FUTRO, LIFEBOOK, STYLISTIC), Server products (PRIMERGY and PRIMEQUEST), Storage products (ETERNUS), Solutions (PRIMEFLEX), Server BS2000 products (SE, AU) and Implementation Services (AIS), can be found here:
List of affected Fujitsu products (APL)

This Fujitsu PSIRT security advisory and the list of affected Fujitsu products will be updated as soon as new information is available.

NOTE:
Intel® Security Advisory INTEL-SA-01166 (MC) is officially part of the previous 2024.4 Intel Platform Update (IPU). All necessary mitigations will be issued along with this 2025.1 Intel Platform Update (IPU).

Intel® Security Advisories INTEL-SA-01198 (BIOS) and INTEL-SA-01111 (MC) are not officially part of this 2025.1 Intel Platform Update (IPU). All necessary mitigations will be issued along with this 2025.1 Intel Platform Update (IPU), or the upcoming 2025.2 Intel Platform Update (IPU).

Intel® security advisories INTEL-SA-00590, INTEL-SA-00606, INTEL-SA-01144, INTEL-SA-01184, INTEL-SA-01089, INTEL-SA-01224, INTEL-SA-01235 and INTEL-SA-01236 are not part of this 2025.1 Intel Platform Update (IPU). The Fujitsu PSIRT already addressed these Intel® security advisories internally and will release Fujitsu PSIRT security notices, depending on the result of the final analysis.

Recommended Steps for Remediation

Remediation via BIOS Update
Step 1: Determine whether system is affected
Step 2: Download the BIOS update package
  • To download the BIOS update package, please go to the Fujitsu Technical Support page and follow these steps:
      • Select "Select a new Product" [button]
      • Select "Browse for product"
      • Select "product line"
      • Select "product group" and "product family"
      • Select "OS Independent (BIOS, Firmware, etc.)" [drop-down list]
      • Check "Important information" and/or "Installation description"
      • Download the latest BIOS update package

Step 3: Preparation & BIOS update procedure
  • Content extraction and update execution are system dependent. The BIOS update package usually contains an EfiFlashEfiUsage.txt, ReleaseNote.txt or ReadMe.txt file with further specific instructions for the BIOS update. Please follow these instructions to commence the firmware update.

NOTE:
Most Client Computing Device BIOS update packages are capable of commencing the CSME update as a capsule update. For this purpose, Deskflash runs the CSME update, from the Fujitsu BIOS Admin Pack, using a "BUP" file in the context of the underlying BIOS update.

Remediation via Management Engine (CSME) Update
Updating the CSME firmware is an alternative to updating the BIOS and is used when a BIOS update is not planned. However, it may only be available for some specific Client Computing Devices.

Step 1: Determine whether system is affected
Step 2: Download the CSME update package
  • To download the CSME update package, please go to the Fujitsu Technical Support page and follow these steps:
      • Select "Select a new Product" [button]
      • Select "Browse for product"
      • Select "product line"
      • Select "product group" and "product family"
      • Select "OS Independent (BIOS, Firmware, etc.)" [drop-down list]
      • Check "Important information" and/or "Installation description"
      • Download the latest CSME update package

Step 3: Preparation & BIOS update procedure
  • After downloading the CSME firmware update package, extract all contents of the "Firmware.ME" directory for Windows to the desired directory on the destination hard drive. Then run "update.bat" in Windows cmd.exe with administrative privileges to start the CSME flash procedure (32-bit or 64-bit).

NOTE:
To run the CSME update procedure from a Windows installation, the Windows "HECI" driver must be installed. Please use the Intel® Active Management Technology (Intel® AMT) Driver package for Windows. In Windows PE, this can be done at runtime by executing "drvload.exe <path-to-HECI.INF>\HECI.INF", to extract the "HECI" driver from the Intel® AMT Driver package.

Links for Software Security Updates

Vendor Fujitsu
security.ts.fujitsu.com

Vendor Intel
security-center.intel.com


Further Information

Contact Details

Should you require any further support on product security, please contact: Fujitsu-PSIRT@ts.fujitsu.com.

Legal Statement

Fujitsu does not manufacture the affected microprocessors, which Fujitsu buys from third party suppliers and integrates into its products. Therefore, this communication is based on the information and recommendations Fujitsu has received from the third party suppliers of the affected microprocessors.

Fujitsu does not warrant that this communication is applicable or complete for all customers and all situations. Fujitsu recommends that customers determine the applicability of this communication to their individual situation and take appropriate measures. Fujitsu is not liable for any damages or other negative effects, resulting from customers' use of this communication. All details of this communication are provided "as is" without any warranty or guarantee. Fujitsu reserves the right to change or update this communication at any time.

Websites of other companies referred to in this communication are the sole responsibility of such other companies. Fujitsu does not assume any liability with respect to any information and materials provided by its suppliers, including on such websites.

Designations may be protected by trademarks and/or copyrights of Fujitsu or the respective owners, the use of which by third parties for their own purposes may infringe the rights of such owners.