CVE-2018-9085 : What You Need to Know

CVE-2018-9085 highlights a critical vulnerability in Lenovo and IBM System x servers, allowing unauthorized access to flash memory areas containing Intel Server Platform Services and system Flash Descriptors. Learn about the impact, affected systems, and mitigation steps.

On earlier versions of Lenovo and IBM System x servers, a bit responsible for the write protection lock was not properly set after the boot process. This oversight could allow an attacker with administrator privileges to alter the specific portion of flash memory that contains both the Intel Server Platform Services (SPS) and the system Flash Descriptors.

Understanding CVE-2018-9085

What is CVE-2018-9085?

CVE-2018-9085 highlights a vulnerability in the System x UEFI firmware of Lenovo and IBM servers, where a critical write protection lock bit was left unset after the boot process, potentially allowing unauthorized access to sensitive system areas.

The Impact of CVE-2018-9085

The vulnerability could lead to unauthorized modification of crucial flash memory areas containing Intel Server Platform Services (SPS) and system Flash Descriptors, posing a significant security risk.

Technical Details of CVE-2018-9085

Vulnerability Description

        Vulnerability Type: Missing System x Flash Memory Write Protection Lock Bit
        CVSS Score: N/A

Affected Systems and Versions

        Product: System x UEFI
        Vendors: Lenovo, IBM
        Versions: Unspecified, custom

Exploitation Mechanism

The vulnerability could be exploited by an attacker with administrator privileges to alter specific flash memory areas, compromising system integrity.

Mitigation and Prevention

Immediate Steps to Take

        Update UEFI firmware to the latest version provided by Lenovo or IBM.

Long-Term Security Practices

        Regularly monitor and apply security updates to firmware and system components.
        Implement strict access controls and least privilege principles to limit unauthorized access.

Patching and Updates

Regularly check for firmware updates and security advisories from Lenovo and IBM to address known vulnerabilities.
