I think we are off on the wrong track. This is fundamentally a CVE against Insyde Software BIOS and possibly other vendors. Any attacker with kernel mode access could do the same thing, regardless of Linux install. I am not sure, but it is possible someone with admin access to Windows could create a driver to do the same thing. Any brave pentesters out there want to give it a try and write it up?
If Paul Sladen in #173 is correct, this is definitely a CVE against the BIOS.
I think we are off on the wrong track. This is fundamentally a CVE against Insyde Software BIOS and possibly other vendors. Any attacker with kernel mode access could do the same thing, regardless of Linux install. I am not sure, but it is possible someone with admin access to Windows could create a driver to do the same thing. Any brave pentesters out there want to give it a try and write it up?
If Paul Sladen in #173 is correct, this is definitely a CVE against the BIOS.