[ltp] UEFI firmware updates for "BIOS Extreme Privilege Escalation"

Matthew Garrett linux-thinkpad@linux-thinkpad.org
Fri, 24 Oct 2014 16:31:26 +0100

On Thu, Oct 23, 2014 at 11:27:07PM +0200, Jochen Spieker wrote:
> This presentation assumes local admin privileges to exploit the issue:
> https://www.mitre.org/publications/technical-papers/presentation-extreme-privilege-escalation-on-windows-8uefi-systems
> It also mentions that a new Windows 8 API is necessary. I have no idea
> whether a pure !Windows system may be exploitable as well.

There's nothing Windows-specific about this, but there's no existing API 
in Linux that you could use to exploit it. If an attacker can execute 
arbitrary kernel code then they can still take advantage of it.

Matthew Garrett | mjg59@srcf.ucam.org