The 'Intel Management Engine' is something like God on your CPU. Unfortunately its creators were quite human. This manifests in imperfections, also known as bugs. CVE-2017-5689 is one of those (https://www.ssh.com/vulnerability/intel-amt/). Successfully exploiting a bug in the ME will make an attacker very happy as this could get him complete control over the unlucky machine. If the bug additionally is exploitable remotely we have heaven on earth. At least for attackers. For all others this smells like hell.
This is probably not too surprising for Qubes people. The ME has been known to be a security problem before. I have no insight into the named vulnerability nor into the technicalities of the ME. So I'm wondering how this affects Qubes.

- Can it be exploited remotely if the right (or wrong) network/wireless card is used? Yes, NICs are attached to sys-net, but does that really help in this case?
- Can it be exploited locally from a VM?
- One way to fix this particular problem is to update the firmware (if you're lucky enough to get an update for your computer). Is there another way? Maybe isolating the ME from all PCI devices? My guess is: No. Please show me that I'm wrong...

Another point that makes me wonder but might be off topic for this group: Intel released the vulnerability. Why? Because it has been leaked. I'm sure Intel did not know anything about this before. You?

Thanks for sharing thoughts!