<p>Researchers from a cybersecurity company Positive Technologies has just discovered a new security flaw affecting all Intel CPU&#8217;s released in the last five years. The new vulnerability was discovered in Intel&#8217;s Converged Security and Management Engine (CSME) ROM which is a subsystem that validates the firmware running on Intel-based computers.</p>
<p><img class="alignnone size-full wp-image-3577" src="https://www.wincert.net/wp-content/uploads/2020/03/intel-3064506_640.jpg" alt="" width="640" height="426" /></p>
<p>The <a href="https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html" target="_blank" rel="noopener noreferrer">report shows</a> that this vulnerability cannot be fixed by firmware updates and that it sets the stage for arbitrary code execution in Intel&#8217;s CSME. Luckily, Intel&#8217;s 10th Gen CPU chips are not affected by this flaw.</p>
<p>This flaw threatens Intel&#8217;s efforts in building a root of trust and laying a solid security foundation on the company&#8217;s platforms. Unfortunately, it is impossible to fix firmware errors that are hard-coded in the Mask ROMs and thus the system can be compromised at the hardware level by possibly destroying the chain of trust for the whole platform, as explained by Positive Technologies.</p>
<p>Intel is not too much worried about this vulnerability as the attacker would require physical access and special hardware to take advantage of this flaw. The company also said that it has released mitigations and advises keeping the systems up-to-date even though researchers from Positive Technologies said that this flaw cannot be fixed.</p>