A simple tool that tells you whether AMT is enabled and provisioned on Linux systems. Requires that the mei_me driver (part of the upstream kernel) be loaded.
If run on a system with no AMT, output will look like: Intel AMT: DISABLED If AMT is enabled but not provisioned, output will look like: Intel AMT is present AMT is unprovisioned In this state, AMT is not vulnerable to CVE-2017-5689. If AMT is enabled and provisioned, output will look like: Intel AMT is present AMT is provisioned Flash: 9.5.40 Netstack: 9.5.40 AMTApps: 9.5.40 AMT: 9.5.40 Sku: 8200 VendorID: 8086 Build Number: 1892 Recovery Version: 9.5.40 Recovery Build Num: 1892 Legacy Mode: False If AMT is enabled and provisioned and the AMT version is between 6.0 and 11.2, and you have not upgraded your firmware, you are vulnerable to CVE-2017-5689. Disable AMT in your system firmware.
Assigning this package request to all packagers collectively. On a voluntary basis, one of them might, if there are no license or other legal issues, want to integrate it to the distribution and maintain it for bug and security fixes.
CC: (none) => marja11Severity: normal => enhancementAssignee: bugsquad => pkg-bugsSummary: [Package Request] mei-amt-check CVE-2017-5689. => mei-amt-check, a simple tool that tells you whether AMT is enabled and provisioned on Linux systems.