Lenovo Security Advisory: LEN-31390
Potential Impact: Information disclosure, privilege escalation
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2019-14630
Summary Description:
Intel reported potential security vulnerabilities, requiring physical access and dedicated equipment, in Intel Thunderbolt that could allow a malicious peripheral device to access secret data and change system behavior on systems with Thunderbolt interfaces.
Mitigation Strategy for Customers (what you should do to protect yourself):
Intel recommends the following guidelines for a robust DMA protection solution:
For all systems, Lenovo recommends customers follow best security practices as described by Intel, including the use of only trusted peripherals and preventing unauthorized physical access to computers.
To detect potential system tampering customers can enable Tamper Detection/Chassis Intrusion Detection in BIOS on supported systems and protect the setting with a BIOS Administrator/Supervisor Password.
To completely disable Thunderbolt, concerned customers can set the Thunderbolt BIOS setting to Disabled and protect the setting with a BIOS Administrator/Supervisor Password. NOTE: On some systems, this may also disable USB-C ports.