exploiting Lenovo firmware, part 2B

July 1, 2016 ~ hucktech

more on this:

exploiting Lenovo firmware, part 2A

Lenovo has a response:

System Management Mode (SMM) BIOS Vulnerability
Lenovo Security Advisory: LEN-8324
Potential Impact: Execution of code in SMM by an attacker with local administrative access
Severity: High
Scope of Impact: Industry-wide

https://support.lenovo.com/us/en/solutions/LEN-8324

The researcher also has a few responses:

Dear vendors, “give us your 0day vulnerability for free and don’t publish anything” — it’s not a cooperation request pic.twitter.com/l4Lk1mo1AM

— Dmytro Oleksiuk 💥 d_olex@mastodon.social (@d_olex) July 1, 2016

I agreed to do that, but they haven't accepted my terms and conditions (just for case — I haven't asked them about money)

— Dmytro Oleksiuk 💥 d_olex@mastodon.social (@d_olex) July 1, 2016

Lenovo is blaming it’s IBV, so, it’s 100% that there’s others OEM’s that have this vuln in their products

— Dmytro Oleksiuk 💥 d_olex@mastodon.social (@d_olex) July 1, 2016

It seems that Lenovo released some advisory for my System Management Mode vuln (no technical details, no links): https://t.co/31rpPiHKNR

— Dmytro Oleksiuk 💥 d_olex@mastodon.social (@d_olex) July 1, 2016

Published by hucktech

View all posts by hucktech

Leave a comment Cancel reply

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Android Developers Blog

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

LLVM Project Blog

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Broadcom ConnectedBroadcom Connected

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Blog - NVM Express

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Schneier on Security

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

IBM Product Security Incident Response Team

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Cyber Trust Blog

Blog - Möbius Strip Reverse Engineering

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Executive Platform - Cisco Blogs

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Official PC-BSD Blog

Discover the Desktop

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

FreeBSD Foundation

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Oracle Blogs | Oracle Blogs

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Oracle Blogs | Oracle Blogs

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Blog - Xen Project

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Planet openSUSE

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Tizen - An open source, standards-based software platform for multiple device categories.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

iXsystems, Inc. – Enterprise Storage & Servers

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

InTelligence Blog

ASSET InterTech

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

coreboot developer blogs

News from coreboot world

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Lenovo EDU Community

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

System76 Blog RSS Feed

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Just another WordPress.com site

Hastily-written news/info on the firmware security/development communities, sorry for the typos.