After a source code leak was posted by an unidentified third party on 4chan and GitHub last week, the technology giant Intel has confirmed that confidential source code related to its Alder Lake CPUs has been leaked.
The disclosed information comprises UEFI (Unified Extensible Firmware Interface) code for the company’s 12th-generation CPUs that were released in November 2021.
It is believed that the leaked data also contained multiple references to Lenovo, including code used for integration with Lenovo String Service, Lenovo Cloud Service, and Lenovo Secure Suite.
According to Intel, the source code is genuine and is their “exclusive UEFI code.” Furthermore, the technology giant stated that it doesn’t believe this exposes any new security vulnerabilities as it does not rely on the obfuscation of information as a security measure.
Sources from Hardened Vault noted that attackers can still gain significantly from the breaches even if the disclosed OEM implementation is only partially deployed in production.
According to other sources, a private encryption key called KeyManifest, which is used to protect Intel’s Boot Guard platform, was also exposed in the breach.
It is unknown whether or not the compromised private key is used in production. Still, if it is, it might allow hackers to alter the boot policy of Intel’s firmware and bypass the company’s hardware-level security measures.
Despite the fact that the source of the leak remains unknown, it’s clear that sensitive information about Intel’s Alder Lake CPUs has been exposed. This breach might allow attackers to exploit security measures put in place by Intel. If you have discovered a vulnerability in the source code, you can report it to Intel’s Project Circuit Breaker bug reward program. Depending on the severity of the issue, you could be eligible for a reward of up to $100,000.
