CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')A race condition exists in Intel chipsets that rely solely on the BIOS_CNTL.BIOSWE and BIOS_CNTL.BLE bits as a BIOS write locking mechanism. According to Corey Kallenberg of The MITRE Corporation:"When the BIOS_CNTL.BIOSWE bit is set to 1, the BIOS is made writable. Also contained with the BIOS_CNTL register is the BIOS_CNTL.s("BIOS Lock Enable"). When BIOS_CNTL.BLE is set to 1, attempts to write enable the BIOS by setting BIOS_CNTL.BIOSWE to 1 will immediately generate a System Management Interrupt (SMI). It is the job of this SMI to determine whether or not it is permissible to write enable to the BIOS, and if not, immediately set BIOS_CNTL.BIOSWE back to 0; the end result being that the BIOS is not writable."However, it has been shown that a race condition exists that can allow writes to the BIOS to occur between the moment that an attempt is made to set BIOS_CNTL.BIOSWE to 1 and the moment that it is set back to 0 by the SMI.
Vulmon