| Sply Splyeff ( @ 2009-03-24 00:56:00 |
Intel SMM attack
http://invisiblethingslab.com/resources/misc09/smm_cache_fun.pdf
The hole is not dangerous, but it is interesting. What is especially interesting is how this hole was found.
The potential vulnerability was found several years ago by Intel employees,
who filed patent applications on methods for solving the problem. After that,
processors gained the ability to protect against this vulnerability, but
the holes remained in the BIOS.
-----quote
Interestingly the very same cache poisoning
problem we abuse in our attack against SMM has
been identified a few years ago by Intel employees,
who even decided to describe it in at least two
different patent applications. We haven't been aware of
the patents before we discovered the attack — we never
thought a vendor might describe weaknesses in its own
products and apply for a patent on how to fix them,
and still not implement those fixes for a few years…
The patents turned out, however, to be easily
"googlable" and it would be surprising that nobody
else before us, and Loic Duflot, have created
working exploits for this vulnerability.
-----end of quote
via
viliar