
Intel SPI Flash Flaw – Hacker can Alter/Delete BIOS/UEFI

Intel recently addressed a new vulnerability that stems from a flawed configuration in several CPU series. Using the flaw, a hacker can alter the behavior of the system's SPI flash memory, which is a mandatory part of the boot process.

According to Lenovo, this bug can allow a hacker to selectively corrupt or modify BIOS/UEFI firmware, or block its updates. Lenovo engineers also noted that the attack could leave the system broken, with visible malfunction, but has little chance of leading to arbitrary code execution.

Affected CPUs

The vulnerability is tracked as CVE-2017-5703. According to Intel, it affects the following CPU series.

  • 5th, 6th, 7th & 8th generation Intel® Core™ Processors.
  • Several models of Intel® Xeon® Processors.
  • Several models of Intel® Atom™ Processors.
  • Several models of Intel® Pentium® Processors.
  • Several models of Intel® Celeron® Processors.

For the complete list of affected products, check the list at Intel. A local hacker can exploit the flaw in the CPU configuration to corrupt the victim's system, causing visible problems with booting and normal operation. However, executing arbitrary code is nearly impossible, so you don't need to panic about your privacy.

On the CVSSv3 scale, the vulnerability scored 7.9 out of 10. Intel also said that it knows the cause of the issue and that a mitigation is available.

What to do now

If you use one of those CPUs, update your BIOS/UEFI firmware immediately to reduce the chance of being exploited. Check for the BIOS update at Intel, and also check your vendor's website (Dell, Lenovo etc.) if you purchased your computer from them.
