Intel SPI Flash (CVE-2017-5703) Flaw Allows Attacker to Alter or Remove BIOS/UEFI Firmware
Intel found a flaw, tracked as CVE-2017-5703, in the design of multiple CPU families. The vulnerability is rated 7.9 out of 10 under CVSSv3 (Common Vulnerability Scoring System version 3.0). The flaw allows an attacker to tamper with the activity of the chip's SPI flash memory, which is an essential component of the boot process. On April 3, 2018, Intel officially deployed a fix for CVE-2017-5703.
The following CPU families use insecure opcodes that a local attacker could use to exploit CVE-2017-5703:
8th generation Intel® Core™ Processors
7th generation Intel® Core™ Processors
6th generation Intel® Core™ Processors
5th generation Intel® Core™ Processors
Intel® Pentium® and Celeron® Processor N3520, N2920, and N28XX
Intel® Atom™ Processor x7-Z8XXX, x5-8XXX Processor Family
Intel® Pentium™ Processor J3710 and N37XX
Intel® Celeron™ Processor J3XXX
Intel® Atom™ x5-E8000 Processor
Intel® Pentium® Processor J4205 and N4200
Intel® Celeron® Processor J3455, J3355, N3350, and N3450
Intel® Atom™ Processor x7-E39XX Processor
Intel® Xeon® Scalable Processors
Intel® Xeon® Processor E3 v6 Family
Intel® Xeon® Processor E3 v5 Family
Intel® Xeon® Processor E7 v4 Family
Intel® Xeon® Processor E7 v3 Family
Intel® Xeon® Processor E7 v2 Family
Intel® Xeon® Phi™ Processor x200
Intel® Xeon® Processor D Family
Intel® Atom™ Processor C Series
Intel also announced an update listing PC and motherboard vendors that plan to deploy firmware patches or BIOS/UEFI updates.