ASA-2018-00049 – Lenovo: Missing System x Flash Memory Write Protection Lock Bit

A write protection lock bit was left unset after boot on an older generation of System x server, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. Other system firmware remains protected and unmodifiable, such as UEFI (BIOS) or IMM2.