all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM

Add to bookmarks
March 15, 2023, 1:01 a.m. | Jeremy Boone

NCC Group Research Blog research.nccgroup.com

About four months ago, in October 2022, I was idly poking around the “ICE TEA” leak. This leak was of particular interest to me, because it happened to expose the source code for Intel’s Alder Lake platform BIOS. It’s always fun to finally get to see the code for modules that you previously reverse engineered. […]

alder lake analysis bios bug code collision fun hardware & embedded systems ice intel interest leak october platform report source code toctou vulnerability

Visit resource

More from research.nccgroup.com / NCC Group Research Blog

Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis 1 week, 5 days ago | research.nccgroup.com
analysis architecture confidential data +19
Non-Deterministic Nature of Prompt Injection 1 week, 5 days ago | research.nccgroup.com
attack easy explained exploiting +10
Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224) 2 weeks, 2 days ago | research.nccgroup.com
access advisory api attack +24
Public Report – Google Privacy Sandbox Aggregation Service and Coordinator 3 weeks, 6 days ago | research.nccgroup.com
aggregation companies google google privacy sandbox +16
Android Malware Vultur Expands Its Wingspan 3 weeks, 6 days ago | research.nccgroup.com
android android banking malware android malware authors +18
LTair: The LTE Air Interface Tool 1 month, 1 week ago | research.nccgroup.com
air attacks blog blog post +14
The Development of a Telco Attack Testing Tool 1 month, 1 week ago | research.nccgroup.com
attack blog challenges development +13
Public Report – AWS Nitro System API & Security Claims Italian 1 month, 2 weeks ago | research.nccgroup.com
amazon amazon web services api apis +21
Public Report – AWS Nitro System API & Security Claims French 1 month, 2 weeks ago | research.nccgroup.com
amazon amazon web services api apis +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

EY GDS Internship Program - SAP, Cyber, IT Consultant or Finance Talents with German language

@ EY | Wrocław, DS, PL, 50-086
View on infosec-jobs.com

Security Architect - 100% Remote (REF1604S)

@ Citizant | Chantilly, VA, United States
View on infosec-jobs.com

Network Security Engineer - Firewall admin (f/m/d)

@ Deutsche Börse | Prague, CZ
View on infosec-jobs.com

Junior Cyber Solutions Consultant

@ Dionach | Glasgow, Scotland, United Kingdom
View on infosec-jobs.com

Senior Software Engineer (Cryptography), Bitkey

@ Block | New York City, United States
View on infosec-jobs.com
View more jobs