Confused on Steam Play and Proton? Be sure to check out our guide.
We do often include affiliate links to earn us some pennies. See more here.

Researchers have uncovered a fun new vulnerability in Intel processors, and this one has a claim attached that it's not possible to fix it.Sound familiar? Yeah, there's been a lot of problems over at Intel in the last couple years. We reported on some back in January and it seems it's not getting any better.

This issue, found and reported by Positive Technologies, mentions CVE-2019-0090 which as the numbered year suggests was already announced last year. However, the plot thickens. If you have an Intel chipset and/or SoC older than the 10th Generation (so anything in the last few years), you will be affected by this.

Not something you can get a firmware update or an operating system patch to help with either, since it concerns the Converged Security and Management Engine (CSME). As written by the folks over at Positive Technologies:

We will provide more technical details in a full-length white paper to be published soon. We should point out that when our specialists contacted Intel PSIRT to report the vulnerability, Intel said the company was already aware of it (CVE-2019-0090). Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub (ISH). We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.

As you can see, it's not going to be the most practical for people to break into so you don't need to go and wildly panic right this second, since they would need some sort of physical and local access but it's still a damning look for Intel's processor security. To have something so severe that can only be fixed by replacing the entire hardware—ouch.

Do you currently have an Intel CPU and are you considering switching to AMD? Let us know in the comments. AMD aren't entirely secure themselves though, multiple past issues have also affected them.

Article taken from GamingOnLinux.com.
13 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
The comments on this article are closed.
49 comments
Page: «2/5»
  Go to:

Samsai Mar 6, 2020
Quoting: rkfgWhy do you think AMD is more secure? Sure, their CPUs/chipsets don't have these exact Intel technologies but they have other things that might be vulnerable. Also, many of those CPU data leaks were not Intel-specific.
Absence of evidence is naturally not evidence of absence but I think it's still worth considering that with the amount of negative press towards Intel due to the vulnerabilities discovered in their products, Intel would be motivated to throw money at security research into AMD CPUs to alleviate the PR pressure on them. The fact that results of such research have revealed relatively few vulnerabilities would suggest that either Intel isn't paying them enough or the architecture is more sound when it comes to modern side-channel attacks.

The AMD PSP has been revealed to have had security vulnerabilities though, although apparently those were mitigated via firmware updates rather than requiring silicon changes. It would still be nice if we didn't have these co-processors on our CPUs when we don't even use them for anything in consumer computing.


Last edited by Samsai on 6 March 2020 at 2:07 pm UTC
slaapliedje Mar 6, 2020
Ha, let's just all move to RISC-V or POWER9!
fabertawe Mar 6, 2020
My current i7 4790k was my first Intel CPU for about 20 years! I only bought that because my trusty Phenom died.

My next CPU will be AMD, 100%. By the time I do upgrade though, the new AMD processors will be out and I should be able to pick up an older (i.e. current now) CPU for a very decent price.
Raaben Mar 6, 2020
I'm not worried about being personally affected by these, but it further cements my decision to go AMD when I do upgrade later this year. I know nothing is ever flawless, but it sure seems that most of these issues are biased to one side.
Nanobang Mar 6, 2020
View PC info
  • Supporter
Last weekend, out went my venerable i7 4950 and in went a shiny new Ryzen 9 3900X.

*mic drop*
dubigrasu Mar 6, 2020
I do have an Intel CPU now, but when the time to upgrade comes I'll buy the one CPU that gives me the best single-core performance, what brand doesn't matter, I don't have an allegiance with either of them.
I know we're seeing more and more games taking advantages of multiple cores, but for the moment the single-core perf is what I look for.
BielFPs Mar 6, 2020
This somehow makes me a little happy to still be using an old Athlon II X3 (which "transform" into a Phenon II X4 after using Asus Core Unlocker)

I wonder if this will result in another performance hit for linux users.
Samsai Mar 6, 2020
Quoting: BielFPsThis somehow makes me a little happy to still be using an old Athlon II X3 (which "transform" into a Phenon II X4 after using Asus Core Unlocker)

I wonder if this will result in another performance hit for linux users.
It won't and it can't, since the flaw is in the boot ROM. The problem cannot be mitigated from the outside, therefore mitigations cannot cause performance loss. Secondly, it's a flaw in the CSME so it's unlikely the vulnerable code and a possible mitigation would be relevant to a hot code path that would cause a performance regression.
PopeRigby Mar 6, 2020
This is just stupid. I'm definitely upgrading to AMD next chance I get. Intel has shown time and time again that they don't care about their customers in the slightest.
How empiric are these reports?
How do I know this is not just negative paid publicity?
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.