INTEL-SA-00087 Safety Instructions for Intel SPI Flash

From Thomas-Krenn-Wiki

In early April, Intel released information about a vulnerability in the SPI flash (CVE-2017-5703, INTEL-SA-00087).[1] It allows local attackers to manipulate the firmware via insecure opcodes, which can result in denial of service. Intel rates the vulnerability as high, with a CVSS v3 score of 7.9. This article provides background information about the vulnerability, lists the affected Intel CPUs and gives more information about Thomas-Krenn systems.

Background information

In modern computer systems, the BIOS or UEFI firmware is stored in a Serial Peripheral Interface (SPI) Flash. For affected CPUs, a local attacker can change the behavior of the SPI flash memory. This can lead to denial of service. The boot process can be changed and BIOS/UEFI firmware updates can be prevented. It can even go as far as executing arbitrary code during the startup process.

According to Intel, the problem has been thoroughly analyzed and a mitigation is known and available. Although Intel says the vulnerability can only be exploited locally, it has a high CVSS v3 score of 7.9 (High, CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H). It was discovered by Intel itself; active exploits are not yet known.

Affected Intel CPUs

The following table shows the CPUs affected according to Intel (as of 03.04.2018):

Affected Intel CPUs:

  • Xeon: Scalable, E3 v6, E3 v5, E7 v4, E7 v3, E7 v2, Phi x200, D
  • Core: 5th to 8th generation
  • Pentium: N3520, J3710, N37XX, J4205, N4200
  • Celeron: N2920, N28XX, J3XXX, J3455, J3355, N3350, N3450
  • Atom: x7-Z8XXX, x5-8XXX, x5-E8000, x7-E39XX, C-Series

Affected systems from Thomas-Krenn

The article BIOS security updates shows the status of the available UEFI firmware/BIOS security updates for mainboards from Thomas-Krenn.

Further information

References

Changelog

  • Version 1.0, 17.04.2018: Initial version with first information.
  • Version 1.1, 10.07.2018: Added reference to a wiki article with a tabular list of available BIOS updates.



Author: Thomas Niedermeier

Thomas Niedermeier, who works in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Thomas has been employed at Thomas-Krenn since 2013 and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.

