Description
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105387
Mitigation, Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-20527
Third Party Advisory x_refsource_confirm
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
Scores
CVSS v3
7.6
EPSS
0.0006
EPSS Percentile
17.3%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (50)
intel/core_i3
4000m
intel/core_i3
4005u
intel/core_i3
4010u
intel/core_i3
4010y
intel/core_i3
4012y
intel/core_i3
4020y
intel/core_i3
4025u
intel/core_i3
4030u
intel/core_i3
4030y
intel/core_i3
4100e
... and 40 more
Published
Sep 21, 2018
Tracked Since
Feb 18, 2026