Lenovo Security Advisory: LEN-24477
Potential Impact: Denial of service
Severity: High
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2018-9085
Summary Description:
A write protection lock bit was left unset after boot on an older generation of System x server, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. Other system firmware remains protected and unmodifiable, such as UEFI (BIOS) or IMM2.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update UEFI to the version (or newer) described for your model in the product impact section below.
Product Impact: