[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Libreboot] Zero-day vulnerability - system management mode arbitrary co

From: Duncan Guthrie
Subject: [Libreboot] Zero-day vulnerability - system management mode arbitrary code execution
Date: Wed, 06 Jul 2016 00:52:11 +0100
User-agent: K-9 Mail for Android

Hi all, 
Poking around the internet, I happened upon this page:
This is an exploit for System Management Mode of Intel x86 CPUs, tested on a 
number of recent models, including Lenovo ThinkPads, and tested on some other 
models including an HP Pavilion laptop. This suggests that this vulnerability 
exists in a wide range of recent Intel hardware. The page links to this 
extensive blog post:
What excites me about this is that as we are running code at such a low level, 
we might in theory be able to bypass the Intel ME signature checking and 
similar "protections", and run unsigned BIOS software. This would be great for 
Can anyone else comment on this? I am quite excited at the potential of this, 
especially as it seems to be able to target many new models of Intel hardware, 
perhaps even Intel hardware produced this year, as Intel, as far as I know, 
didn't introduce any major design changes for a long time as they did not need 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]