Lenovo Security Advisory: LEN-22810
Potential Impact: Elevation of privilege, information disclosure, denial of service
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2018-3655, CVE-2018-3657, CVE-2018-3658, CVE-2018-3659, CVE-2018-3616
Summary Description: Intel has disclosed multiple Converged Security and Management Engine (CSME) / Server Platform Services (SPS) and Trusted Execution Environment (TXE) vulnerabilities, allowing an attacker to potentially expose information stored by CSME, change CSME / SPS data or settings, execute code on CSME, and deny service via network access. Please see the Intel security advisories referenced below for details.
Mitigation Strategy for Customers (what you should do to protect yourself): All CSME / SPS and TXE fixes are rolled-up into firmware packages for each model. Intel recommends upgrading to the CSME or SPS firmware to the version (or newer) indicated for your model in the Product Impact section below.
Product Impact: