Intel Corporation Information for VU#766164
Intel BIOS locking mechanism contains race condition that enables write protection bypass
- Vendor Information Help Date Notified: 12 Sep 2014
- Statement Date:
- Date Updated: 06 Jan 2015
This vulnerability is caused by a misconfiguration of the platform by a platform-specific BIOS implementation. Intel has provided guidance to BIOS developers regarding write protection of the BIOS using System Management Mode (SMM) for many years. In preparation for the public disclosure of this issue, Intel has reiterated that guidance. This issue is mitigated by setting the SMM_BWP bit in the BIOS Control Register along with setting BIOS Lock Enable (BLE) and clearing BIOS Write Enable (BIOSWE). The SMM_BWP bit requires the processor to be in SMM in order to honor writes to the BIOS region of SPI flash, thereby mitigating the issue.
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.