[ltp] UEFI firmware updates for "BIOS Extreme Privilege
Escalation"
Matthew Garrett
linux-thinkpad@linux-thinkpad.org
Fri, 24 Oct 2014 16:31:26 +0100
On Thu, Oct 23, 2014 at 11:27:07PM +0200, Jochen Spieker wrote:
> This presentation assumes local admin privileges to exploit the issue:
>
> https://www.mitre.org/publications/technical-papers/presentation-extreme-privilege-escalation-on-windows-8uefi-systems
>
> It also mentions that a new Windows 8 API is necessary. I have no idea
> whether a pure !Windows system may be exploitable as well.
There's nothing Windows-specific about this, but there's no existing API
in Linux that you could use to exploit it. If an attacker can execute
arbitrary kernel code then they can still take advantage of it.
--
Matthew Garrett | mjg59@srcf.ucam.org