PT-2025-41852
Name of the Vulnerable Software and Affected Versions: Clevo UEFI firmware update packages, including B10717.exe Description: The UEFI firmware update packages inadvertently included private signing keys used for Boot Guard and Boot Policy Manifest verification. Exposure of these keys could allow...
EUVD-2020-29553
Malware in sbrugna...
EUVD-2024-21085
Malicious code in bioql PyPI...
CVE-2021-3453
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage...
CVE-2020-8705
Insecure default initialization of resource in Intel® Boot Guard in Intel® CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE versions before 3.1.80 and 4.0.30, Intel® SPS versions before E504.01.04.400, E304.01.04.200, SoC-X04.00.04.200...
CVE-2024-23591
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
Code injection
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
CVE-2024-23591
The CVE-2024-23591 entry concerns Lenovo ThinkSystem SR670V2 servers (manufactured roughly June 2021–July 2023) left in Manufacturing Mode. Affected scenario: an attacker with privileged logical access to the host or physical access to server internals could modify or disable Intel Boot Guard fir...
Lenovo ThinkSystem Security Breach
Lenovo ThinkSystem is a series of server appliances from Lenovo (China). A security vulnerability exists in the Lenovo ThinkSystem SR670V2 that allows an attacker with logical access to the host or physical access to the server internals to modify or disable...
PT-2024-1819 · Lenovo · Lenovo Thinksystem Sr670V2
Name of the Vulnerable Software and Affected Versions: Lenovo ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 Description: The issue is related to Lenovo ThinkSystem SR670V2 servers being left in Manufacturing Mode, which could allow an attacker with privileged...
Firmware and Intel Boot Guard keys leaked in ransomware attack on MSI
In late March, hardware manufacturer MSI was hit by a ransomware attack. As a result of this attack, according to security firm Binarly, private keys used to digitally sign firmware for motherboards were leaked. Also compromised were private keys used by Inte...
Ransomware attack on MSI led to compromised Intel Boot Guard private keys
On April 7, 2023, MSI (Micro-Star International) released a statement confirming a cyberattack on part of its information systems. While the statement does not reveal a lot of tangible information, this snippet is important: "MSI urges users to obtain firmware/BIOS updates only from its official...
MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security...
K23435400: Intel CPU vulnerability CVE-2022-0004
Security Advisory Description: Hardware debug modes and processor INIT setting that allow override of locks for some Intel® Processors in Intel® Boot Guard and Intel® TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2022-0004 Impact: There...
CVE-2022-0004
Hardware debug modes and processor INIT setting that allow override of locks for some Intel® Processors in Intel® Boot Guard and Intel® TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
Design/Logic Flaw
Hardware debug modes and processor INIT setting that allow override of locks for some Intel® Processors in Intel® Boot Guard and Intel® TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
Intel 2022.1 IPU - Intel® Boot Guard and Intel® TXT Security Updates
Intel has informed HP of potential vulnerabilities identified in Intel® Boot Guard and Intel® Trusted Execution Technology (TXT) for some Intel® processors, which might allow escalation of privilege. Intel is releasing firmware updates and prescriptive guidance to mitigate these potential...