A race condition exists in Intel chipsets that rely solely on the BIOS_CNTL.BIOSWE and BIOS_CNTL.BLE bits as a BIOS write locking mechanism. Successful exploitation of this vulnerability may result in a bypass of this locking mechanism.
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
A race condition exists in Intel chipsets that rely solely on the BIOS_CNTL.BIOSWE and BIOS_CNTL.BLE bits as a BIOS write locking mechanism. According to Corey Kallenberg of The MITRE Corporation:
A local, authenticated attacker could write malicious code to the platform firmware. Additionally, if the "UEFI Variable" region of the SPI Flash relies on BIOS_CNTL.BIOSLE for write protection, as many implementations do, this vulnerability could be used to bypass UEFI Secure Boot. Lastly, the attacker could corrupt the platform firmware and cause the system to become inoperable.
Please see the Vendor Information section below to determine if your system may be affected. We are continuing to communicate with vendors as they investigate these vulnerabilities.
Thanks to Corey Kallenberg and Rafal Wojtczuk for reporting this vulnerability. This issue was also independently co-discovered by John Butterworth and Sam Cornwell of the MITRE Corporation.
This document was written by Todd Lewellen.
|Date First Published:||2015-01-05|
|Date Last Updated:||2015-07-23 16:39 UTC|