Intel SPI Flash Flaw Allows BIOS and UEFI Deletion

While having your OS compromised is certainly not a good thing, but I assure you that most [H]’ers would rather see their OS corrupted with malware than your BIOS or UEFI being deleted. Don’t worry though, this only affects pretty much every Intel CPU in use today, so at least there is an upside. Seems that Bleeping Computer has been talking to Lenovo on this. Maybe we could get them to ask Lenovo about NVIDIA GPP? Thanks @cageymaru.



According to Lenovo, who recently deployed the Intel fixes, “the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware.”

Intel deployed fixes for this vulnerability (CVE-2017-5703) on April 3. The chipset maker says the following CPU series utilize unsafe opcodes that allow local attackers to take advantage of this security bug:

Discussion

Source: [H]ardOCP – Intel SPI Flash Flaw Allows BIOS and UEFI Deletion

Leave a Reply