SMM "Incursion" Attack

Lenovo Security Advisory: LEN-2015-002 **Potential Impact:**Execute arbitrary code, Bypass Secure Boot, Denial of Service, Escalation of Privilege Severity: Medium

Summary:
Some BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of System Management RAM (SMRAM). An attacker can exploit these calls to bypass Secure Boot, read/write system memory, or overwrite, modify, or corrupt the BIOS.

Description:
SMM is the most privileged execution mode of the x86 processor, and only SMM should normally be able to access SMRAM. Some BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM, allowing an attacker with logical access to a computer to execute arbitrary code in the highly privileged SMM context. Doing so enables an attacker to bypass Secure Boot or read/write all system memory.

Additionally, an attacker can use this mechanism to overwrite, modify, or corrupt the BIOS on computers that do not use protected range registers as a BIOS write protection mechanism.