I really hate this IME crap. Everything about IME seems so stupid, it’s only natural that there would be constant security vulnerabilities. IME is basically the ultimate trojan horse: a secretive chip that can be tricked into doing practically anything.
Intel has submitted patches to the Linux kernel, but the comments have been redacted to obfuscate what exactly the issue is.
If I were a kernel maintainer, I would think twice before accepting this patch. I would never accept any patch that I can’t understand, not in a million years. Of course, it was only the comments that were removed, not the actual code, so I guess it’s not all bad. Still, Intel’s insistence on keeping these security vulnerabilities secret will only make us more vulnerable in the long run.