Dated Intel code leaves Lenovo laptops and Gigabyte motherboards vulnerable

A security researcher has discovered a nasty flaw that he originally thought only affected Lenovo laptops, but it turns out that's not the case. The critical security vulnerability also affects at least one HP laptop and a handful of Gigabyte motherboards aimed at gamers, including the GA-Z77X-UD5H, GA-Z68-UD3H, GA-Z87MX-D3H, and GA-Z97-D3H.

Dmytro "Cr4sh" Oleksiuk published an exploit for the vulnerability called ThinkPwn without first sharing his findings with Lenovo, PCWorld reports. The exploit can be used to sidestep security features built into Windows and allow an attacker to execute malicious code in the CPU's privileged System Management Mode (SMM).

This low-level access could pave the way for a rootkit in a PC's Unified Extensible Firmware Interface (UEFI), and could also be used to disable Secure Boot, Virtual Secure Mode, and other Windows security features.

According to Lenovo, the vulnerable code came from a UEFI package sent to it by one of its independent BIOS vendors (IBVs), which are companies that customize reference UEFI code for PC makers.

"The package of code with the SMM vulnerability was developed on top of a common code base provided to the IBV by Intel. Importantly, because Lenovo did not develop the vulnerable SMM code and is still in the process of determining the identity of the original author, it does not know its originally intended purpose," Lenovo states in a security advisory. "But, as part of the ongoing investigation, Lenovo is engaging all of its IBVs as well as Intel to identify or rule out any additional instances of the vulnerability's presence in the BIOS provided to Lenovo by other IBVs, as well as the original purpose of the vulnerable code." 

Oleksiuk surmises that the vulnerability was present in Intel's reference code for its 8-series chipsets. Intel fixed the flaw two years ago, but since there were never any public advisories, IBVs and PC makers might have continued using the old, vulnerable reference code, unaware that a patch existed.

That would explain why Lenovo isn't the only one affected, as originally thought. Another security researcher, Alex James, discovered the same vulnerability on an HP Pavilion dv7-4087cl laptop, along with the aforementioned Gigabyte motherboards. It's also possible that the vulnerability is present on other products, so keep an eye out for a firmware update no matter what machine or motherboard you own.

Paul Lilly
