home Intel, Miscellaneous, News Fix for SMM “Incursion” attack for some Lenovo laptops

Fix for SMM “Incursion” attack for some Lenovo laptops

Some Lenovo machines contained incursion vulnerabilities that allow breaking into System Management Mode (SMM). While most recent ThinkPads are affected, there are also some affected consumer machines.

Lenovo describes the vulnerabilities as follows:

Some BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of System Management RAM (SMRAM). An attacker can exploit these calls to bypass Secure Boot, read/write system memory, or overwrite, modify, or corrupt the BIOS.

Luckily, Lenovo released new UEFI versions addressing that vulnerability for some machines while they plan to release patches for other affected machines in the near future.

Almost all Ivy Bridge, Haswell and Broadwell ThinkPads as well as some AMD-based ThinkPads are affected.

For a full list of the affected machines and a link to the respective UEFI update for your machine, please have a look at https://support.lenovo.com/de/de/product_security/smm_attack.

Please keep in mind:

  • If you are using the UEFI update utility, do not turn off or suspend the computer until the update has been completed.  IF YOU DO THAT WHILE THE UPDATE IS STILL IN PROGRESS, THE SYSTEM BOARD MAY  HAVE TO BE REPLACED.
  • If you are using the UEFI update bootable CD, do not turn off, suspend the computer or remove the UEFI UPDATE CD until  the update has been completed. IF YOU DO THAT WHILE THE UPDATE IS STILL  IN PROGRESS, THE SYSTEM BOARD MAY HAVE TO BE REPLACED.
  • Have a look at the README before flashing the UEFI!

If you want to know more about the vulnerability, please have a look at this presentation: http://www.legbacore.com/Research_files/HowManyMillionBIOSWouldYouLikeToInfect_Full2.pdf

  • Petr Vones

    Are .20 models (Sandy Bridge) also affected or not ? I understand the Lenovo support link does not mention them because there are considered unsupported.

    On the other hand Lenovo provided BIOS fix for “DRAM Row Hammering” vulnerability lately even for “unsupported” X220 https://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8duj26us.txt

    • Felix Bohnacker

      I’m not sure, but they might be affected as well due to the high amount of code reuse across UEFI implementations.

      I recommend asking the guys at legbacore.com: http://www.legbacore.com/Contact.html

  • Petr Vones

    The issue is not fully fixed, there is new variant of the attack found recently https://arxiv.org/abs/1710.00551