A significant security breach has affected multiple gaming laptop models built on Clevo hardware: Boot Guard private keys were exposed in firmware updates. This vulnerability enables attackers to bypass security protections and potentially install malicious firmware. The exposure of private cryptographic keys compromises the integrity of the device's boot process, a cornerstone of system security. Manufacturers like Gigabyte and XPG are affected, with devices such as the Gigabyte G6X 9KG, released in early 2025, being vulnerable. This incident has widespread implications for the affected companies, possibly damaging their reputation and consumer trust. Although the issue was reported to CERT/CC, swift and efficient remediation has been hampered, indicating a notable impact on firmware supply chain security.
Source: https://cybersecuritynews.com/clevo-devices-boot-guard-private-key/
"id": "cle504032625",
"linkid": "clevo",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"