Security News Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/intel-spi-flash-flaw-lets-attackers-alter-or-delete-bios-uefi-firmware/
Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory —a mandatory component used during the boot-up process [1, 2, 3].
According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware."
Lenovo engineers say "this would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution."
Click to expand...
Intel deployed fixes for this vulnerability (CVE-2017-5703) on April 3. The chipset maker says the following CPU series utilize unsafe opcodes that allow local attackers to take advantage of this security bug:


8th generation Intel® Core™ Processors
7th generation Intel® Core™ Processors
6th generation Intel® Core™ Processors
5th generation Intel® Core™ Processors
Intel® Pentium® and Celeron® Processor N3520, N2920, and N28XX
Intel® Atom™ Processor x7-Z8XXX, x5-8XXX Processor Family
Intel® Pentium™ Processor J3710 and N37XX
Intel® Celeron™ Processor J3XXX
Intel® Atom™ x5-E8000 Processor
Intel® Pentium® Processor J4205 and N4200
Intel® Celeron® Processor J3455, J3355, N3350, and N3450
Intel® Atom™ Processor x7-E39XX Processor
Intel® Xeon® Scalable Processors
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Phi™ Processor x200
Intel® Xeon® Processor D Family
Intel® Atom™ Processor C Series

The bug has received a severity score of 7.9 out of 10 on the CVSSv3 scale. Intel said it discovered the issue internally.
"Issue is root-caused, and the mitigation is known and available," the company said in a security advisory. "To Intel’s knowledge, the issue has not been seen externally."
Click to expand...
 
  • Like
Reactions: Danielx64, harlan4096, CyberTech and 2 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Security News Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass
Replies
2
Views
1,681
Security News
SeriousHoax
SeriousHoax
LASER_oneXM
    • Like
Crucial BIOS update rolling out for Intel 11th Gen, 10th Gen, and more CPUs, fixes LPE bug
Replies
1
Views
1,362
News Archive
LASER_oneXM
LASER_oneXM
The_King
    • Like
    • +Reputation
    • Wow
Intel confirms two local security issues that affect many Intel processor generations
Replies
1
Views
1,412
News Archive
The_King
The_King

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top