Number: AV18-113
Date: 10 July 2018
Purpose
The purpose of this advisory is to bring attention to a recently published security update by Intel.
Assessment
Intel has released firmware updates to improve System Management Mode (SMM) protection. Incorrect handling of memory types in Tianocore firmware could potentially allow a local attacker to bypass SMM protections on memory.
Products Affected:
Firmware based on Tianocore
- MdePkg
- UefiCpuPkg
- MdeModulePkg
CVE Reference: CVE-2018-3614
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References: