Intel security update

Number: AV18-113
Date: 10 July 2018

Purpose

The purpose of this advisory is to bring attention to a recently published security update by Intel.

Assessment

Intel has released firmware updates to improve System Management Mode (SMM) protection. Incorrect handling of memory types in Tianocore firmware could potentially allow a local attacker to bypass SMM protections on memory.

Products Affected:

Firmware based on Tianocore

  • MdePkg
  • UefiCpuPkg
  • MdeModulePkg

CVE Reference: CVE-2018-3614

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

Date modified: