Intel confirms the leak of UEFI BIOS source code of Alder Lake chips is authentic, raising cybersecurity concerns, reports Bleeping Computer. Alder Lake is the name of the 12th generation Intel Core processors released in November 2021.

On Friday, Twitter user named freak posted a link to what was said to be Intel Alder Lake’s UEFI firmware source code, which it claims was posted on 4chan.

The link led to a GitHub repository called ICE_TEA_BIOS, which was uploaded by a user with the nickname LCFCASD and contained data described as “BIOS code from the C970 project.”

Intel confirms the BIOS source code of Alder Lake processors leak

The leak contains 5.97GB of files, source code, private keys, changelogs, and build tools, with the latest timestamp on the files being 09/30/22, presumably when a hacker or insider copied the data.

All of the source code was developed by Insyde Software Corp, a UEFI system software developer.

The source code leak also contains numerous references to Lenovo, including code for integration with Lenovo String Service, Lenovo Secure Suite, and Lenovo Cloud Service.

It is not yet clear whether the source code was stolen in a cyber attack or whether it was leaked due to employee error, accidental or intentional. However, Intel has confirmed that the source code is authentic:

“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation,” Intel’s press service notes.