04-15-2018 , 10:40 PM
Quote:Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory —a mandatory component used during the boot-up process [1, 2, 3].
According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware."
Lenovo engineers say "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution."
Intel deployed fixes for this vulnerability (CVE-2017-5703) on April 3. The chipset maker says the following CPU series utilize unsafe opcodes that allow local attackers to take advantage of this security bug:
Read the full article here:
https://www.bleepingcomputer.com/news/se...-firmware/