Code for Alder Lake CPUs leak
After a source code leak was posted by an unidentified third party on 4chan and GitHub last week, the technology giant Intel has confirmed that confidential source code related to its Alder Lake CPUs has been leaked.
The disclosed information comprises UEFI (Unified Extensible Firmware Interface) code for the company’s 12th-generation CPUs that were released in November 2021.
It is believed that the leaked data also contained multiple references to Lenovo, including code used for integration with Lenovo String Service, Lenovo Cloud Service, and Lenovo Secure Suite.
Intel has admitted that the breach is real
According to Intel, the source code is genuine and is their “exclusive UEFI code.” Furthermore, the technology giant stated that it doesn’t believe this exposes any new security vulnerabilities as it does not rely on the obfuscation of information as a security measure.
Sources from Hardened Vault noted that attackers can still gain significantly from the breaches even if the disclosed OEM implementation is only partially deployed in production.
According to other sources, a private encryption key called KeyManifest, which is used to protect Intel’s Boot Guard platform, was also exposed in the breach.
It is unknown whether or not the compromised private key is used in production. Still, if it is, it might allow hackers to alter the boot policy of Intel’s firmware and bypass the company’s hardware-level security measures.
My perspective
Despite the fact that the source of the leak remains unknown, it's clear that sensitive information about Intel's Alder Lake CPUs has been exposed. This breach might allow attackers to exploit security measures put in place by Intel. If you have discovered a vulnerability in the source code, you can report it to Intel's Project Circuit Breaker bug reward program. Depending on the severity of the issue, you could be eligible for a reward of up to $100,000.
The thing to know is that this might be a very big issue for small business, and especially for those who depend on Lenovo computers.
Listen to them. Children of the night. What music they make.
By Denis Wilson
Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.
For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter.
I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.
Contact me if you would like me to speak to your association
