CVE-2018-12190 (converged_security_management_engine_firmware, trusted_execution_engine_firmware)

Insufficient input validation in Intel CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially execute arbitrary code via local access.
Source: NIST