Intel ID: INTEL-SA-00159
Product family: Firmware Based on Tianocore
Impact of vulnerability: Escalation of Privilege, Information Disclosure
Severity rating: Important
Original release: 07/10/2018
Last revised: 07/10/2018

Summary:
Intel is releasing firmware updates to improve System Management Mode (SMM) protection.

Description:
Incorrect handling of memory types in Tianocore firmware potentially allows a local attacker to bypass SMM protections on memory.
High 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products:
Firmware based on Tianocore
MdePkg
UefiCpuPkg
MdeModulePkg

Recommendations:
Intel recommends that end-users contact their system manufacturers for updated system firmware.
Patches for Tianocore are listed in the Tianocore Security Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=751
Intel has released updated firmware to address this issue: https://github.com/otcshare/CCG-CNLC...831c23cdf8f664

Acknowledgements:
The issue was reported through TianoCore Bugzilla.

Revision History

Revision Date Description
1.0 07/10/2018 Initial Release

Source: INTEL-SA-00159