A serious hardware vulnerability was disclosed last week by researcher Dmytro Oleksiuk. The flaw is in the SystemSmmRuntimeRt UEFI driver, which he found on firmware in Lenovo ThinkPad laptops. An attacker exploiting the vulnerability will gain privileges that will allow them to run arbitrary code in System Management mode and potentially disable flash write protection. No patches are yet available; Lenovo has not provided a security update. The vulnerability was originally thought to be confined to Lenovo and HP laptops, but has spread to Gigabyte motherboards.
Source: https://threatpost.com/scope-of-thinkpwn-uefi-zero-day-expands/119027/