The Carnegie Mellon University CERT/CC has issued three different advisories for security flaws identified in the Unified Extensible Firmware Interface (UEFI) The holes were identified by the researchers Rafal Wojtczuk of Bromium and Corey Kallenberg of The MITRE Corporation. The vulnerabilities impact many popular popular UEFI firmware, including Insyde Software products (CVE-2014-8271) and American Megatrends Incorporated (AMI) and Phoenix Technologies (CPN)”]
Source: http://securityaffairs.co/wordpress/31878/hacking/cert-cc-warns-uefi-flaws.html