System firmware Can Be Erased or Corrupted After Boot - Lenovo Support US

Lenovo Security Advisory: LEN-16445

**Potential Impact:**An attacker could manipulate the vulnerability to prevent a system from booting, to cause it to operate in an unusual way, or execute arbitrary code during the system boot sequence.

Severity: High

**Scope of Impact:**Industry-wide

**CVE Identifier:**CVE-2017-5703

Summary Description:

Intel has issued new guidance relating to SPI controllers inside multiple Intel chipsets. The configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware. This would most likely result in a visible malfunction, but could in rare circumstances result in arbitrary code execution.

Mitigation Strategy for Customers (what you should do to protect yourself):

Refer to the Product Impact section below and update to the appropriate BIOS/UEFI version with the Intel recommended changes for your model.

Product Impact: