Sep 20, 2018 - 8:36 p.m.

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - Lenovo Support NL

support.lenovo.com
EPSS: 0.002 (Low), percentile 55.1%

Lenovo Security Advisory: LEN-20527

Potential Impact: Elevation of privilege

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2018-9062, CVE-2018-12169

Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it may attach a hardware SPI programmer to the BIOS storage device and reprogram the device’s contents. Intel Boot Guard protects against this by detecting code that is not digitally signed by Lenovo. Two vulnerabilities in that code verification process have been found:

  • CVE-2018-9062: One BIOS region is not properly included in the checks, allowing injection of arbitrary code.
  • CVE-2018-12169: Platform sample firmware supplied by Intel, and incorporated by Lenovo into multiple products, scans for and executes code in a region that should not contain executable code.

Mitigation Strategy for Customers (what you should do to protect yourself): Update BIOS/UEFI to the version (or later) recommended for your model in the Product Impact section.

Product Impact:
