INTEL-SA-00116: Intel® 2G Firmware Update for Modems using ETWS

Intel ID: INTEL-SA-00116
Product family: Intel® XMM71xx, Intel® XMM72xx, Intel® XMM73xx, Intel® XMM74xx, Sofia 3G, Sofia 3G-R, and Sofia 3G-RW
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Apr 04, 2018

Buffer overflow in ETWS processing module Intel® XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network. In late February 2018, external security researchers identified and disclosed to Intel a security vulnerability affecting Intel® 2G Modem firmware. The vulnerability affects Intel® 2G Modem products where the Earthquake Tsunami Warning System (ETWS) feature is enabled in Modem firmware. Devices equipped with an affected modem, when connected to a rogue 2G base station where non-compliant 3GPP software may be operational, are potentially at risk. Intel is making firmware updates available to device manufacturers that protect systems from this vulnerability. End users should check with their device manufacturers and apply any available updates as soon as practical. Intel would like to thank Dr. Ralph Phillip Weinmann and Dr. Nico Golde from Comsecuris for reporting CVE-2018-3624.


One thought on “INTEL-SA-00116: Intel® 2G Firmware Update for Modems using ETWS

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s