Lenovo Security Advisory: LEN-20527
Potential Impact: Elevation of privilege
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2018-9062, CVE-2018-12169
Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it may attach a hardware SPI programmer to the BIOS storage device and reprogram the device’s contents. Intel Boot Guard protects against this by detecting code that is not digitally signed by Lenovo. Two vulnerabilities in that code verification process have been found:
Mitigation Strategy for Customers (what you should do to protect yourself): Update BIOS/UEFI to the version (or later) recommended for your model in the Product Impact section.
Product Impact: