Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed.
The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products. Researchers from security firm Binarly have confirmed that the lapse has resulted in Intel, Lenovo, and Supermicro shipping server hardware that contains a vulnerability that can be exploited to reveal security-critical information.
Source: Ars Technica