Does someone know if this is as bad as the description on
http://www.kb.cert.org/vuls/id/552286 makes it sound ("A local authenticated attacker may be able to execute
arbitrary code with the privileges of system firmware"), or does it
require actual root-access to exploit?
Infineon Technologies IT-Services GmbH [hidden email] Lakeside B05, 9020 Klagenfurt, Austria Martin Schuster
FB: LG Klagenfurt, FN 246787y +43 5 1777 3517
Re: UEFI firmware updates for "BIOS Extreme Privilege Escalation"
Martin Schuster (IFKL IT OS DC CD):
> On 2014-10-22 21:41, Jochen Spieker wrote:
>> Not strictly Linux-related but I guess many of us need to patch their
>> http://support.lenovo.com/us/en/product_security/uefi_edk2 >>
> Thanks Jochen!
> Does someone know if this is as bad as the description on
> http://www.kb.cert.org/vuls/id/552286 > makes it sound ("A local authenticated attacker may be able to execute
> arbitrary code with the privileges of system firmware"), or does it
> require actual root-access to exploit?
This presentation assumes local admin privileges to exploit the issue:
There's nothing Windows-specific about this, but there's no existing API
in Linux that you could use to exploit it. If an attacker can execute
arbitrary kernel code then they can still take advantage of it.