Lenovo Security Advisory: LEN-16445
**Potential Impact:**An attacker could manipulate the vulnerability to prevent a system from booting, to cause it to operate in an unusual way, or execute arbitrary code during the system boot sequence.
Severity: High
**Scope of Impact:**Industry-wide
**CVE Identifier:**CVE-2017-5703
Summary Description:
Intel has issued new guidance relating to SPI controllers inside multiple Intel chipsets. The configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware. This would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution.
Mitigation Strategy for Customers (what you should do to protect yourself):
Refer to the Product Impact section below and update to the appropriate BIOS/UEFI version with the Intel recommended changes for your model.
Product Impact: