CVE-2017-3197: GIGABYTE UEFI security problems

What’s this? No more info, but it almost looks like someone at MITRE ran CHIPSEC against a GIGABYTE box and found some failures, so assigned a CVE. Too bad MITRE doesn’t have boxes from ALL OEMs. Maybe this is something more than simple CHIPSEC failures, but the CVE omits details…

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.

 

https://nvd.nist.gov/vuln/detail/CVE-2017-3197

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s