LenovoLENOVO:PS500038-NOSIDS3 Boot Script Protection
0 Low
EPSS
Percentile
0.0%
Lenovo Security Advisory: LEN-2014-006 **Potential Impact:**Elevation of Privilege Severity: Medium
Summary:
Certain firmware implementations may not correctly protect memory that stores the BIOS S3 Boot Script when a system is suspended. Exploitation of such vulnerabilities could potentially lead to bypass security features and/or denial of service the platform.
Description:
A vulnerability has been found in the S3 Boot Script protection that would allow malicious software to boot in the BIOS upon a recovery from Windows Sleep or Suspend (i.e. S3) mode. This vulnerability would require that the malicious code already be running as an administrator or have root privileges already within the operating system. This patch protects the S3 Boot Script from being modified by a compromised Operating System.
Product Impact:
Please click to expand for more info
ThinkPad
System | Status | Minimum version
including Fix | Link
—|—|—|—
ThinkPad Edge E130 | Affected | H4ET94WW(2.54) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-edge-laptops/thinkpad-edge-e130/downloads/DS029430>
ThinkPad Edge E145 | Affected | HSET59WW(2.04) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-edge-laptops/thinkpad-edge-e145/downloads/DS036720>
ThinkPad Edge E431/E531 | Affected | HEET48WW(1.29) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-edge-laptops/thinkpad-edge-e431/downloads/DS035124>
ThinkPad Edge E440/E540 | Affected | J9ET97WW(2.17) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-edge-laptops/thinkpad-edge-e440/downloads/DS037207>
ThinkPad Edge E455/E555 | Affected | HTET40WW (1.12) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-edge-laptops/thinkpad-e455?c=1>
ThinkPad Edge S430 | Affected | GAET99WW(2.59) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-edge-laptops/thinkpad-edge-s430/downloads/DS029726>
ThinkPad Helix | Affected | GFET51WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-helix-series-laptops/thinkpad-helix-type-3xxx/downloads/DS034627>
ThinkPad L430/L530 | Affected | G3ETA3WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-l-series-laptops/thinkpad-l530/downloads/DS029124>
ThinkPad L440/L540 | Affected | J4ET73WW(1.73) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-l-series-laptops/thinkpad-l440/downloads/DS037206>
ThinkPad L450 | Affected | JDET40WW(1.02) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-l-series-laptops/thinkpad-l450/downloads/DS102107>
ThinkPad Yoga (Non-vPro) | Affected | GQET42WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-yoga-series-laptops/thinkpad-yoga/downloads/DS038334>
ThinkPad Yoga (vPro) | Affected | B0ET26WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-yoga-series-laptops/thinkpad-yoga/downloads/DS038334>
ThinkPad S431 | Affected | JFET35WW(1.12) | http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-s-series-laptops/thinkpad-s431/downloads/DS035164
ThinkPad S440 | Affected | J3ET62WW(1.62) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-s-series-laptops/thinkpad-s440/downloads/DS036070>
ThinkPad S531 | Affected | GKET34WW(1.14) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-s-series-laptops/thinkpad-s531/downloads/DS035584>
ThinkPad S540 | Affected | GPET63WW (1.63) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-s-series-laptops/thinkpad-s540/downloads/DS038373>
ThinkPad T430 | Affected | G1ETA7WW(2.67) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/downloads/DS029252>
ThinkPad T430s | Affected | G7ETA2WW(2.62 | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430s/downloads/DS029724>
ThinkPad T430u | Affected | H6ET93WW (2.11) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430u/downloads/DS031724>
ThinkPad T431s | Affected | GHET31WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t431s/downloads/DS034505>
ThinkPad T440/T440s | Affected | GJET82WW (2.32) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t440/downloads/DS035965>
ThinkPad T440p | Affected | GLET77WW (2.31) | http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t440p/downloads/DS037575
ThinkPad T530 | Affected | G4ETA3WW(2.63) | http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t530/downloads/DS029246
ThinkPad T540p | Affected | GMET69WW (2.17) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t540p/downloads/DS038147>
ThinkPad Tablet 10 (32-bit) | Not affected | |
ThinkPad Tablet 10 (64-bit) | Not affected | |
ThinkPad Tablet 2 | Not affected | |
ThinkPad Tablet 8 (32-bit) | Not affected | |
ThinkPad Tablet 8 (64-bit) | Not affected | |
ThinkPad Twist/Edge S230 | Affected | GDETA9WW(1.69) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-twist-series-laptops/thinkpad-twist-s230u/downloads/DS032000>
ThinkPad W530 | Affected | G5ETA1WW(2.61) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-w-series-laptops/thinkpad-w530/downloads/DS029169>
ThinkPad W540 | Affected | GNET70WW (2.18) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-w-series-laptops/thinkpad-w540/downloads/DS039077>
ThinkPad X1 Carbon (20A7,20A8) | Affected | GRET43WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x1-carbon-type-20a7-20a8/downloads/DS039782>
ThinkPad X1 Carbon (34xx) | Affected | G6ETB0WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x1-carbon-type-34xx/downloads/DS030684>
ThinkPad X131e (AMD) | Affected | G9ET99WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x131e/downloads/DS029771>
ThinkPad X131e (Intel) | Affected | G8ETA0WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x131e/downloads/DS029771>
ThinkPad X140e (AMD) | Affected | GSET62WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x140e/downloads/DS038561>
ThinkPad X230 | Affected | G2ETA3WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x230/downloads/DS029187>
ThinkPad X230s | Affected | GGET23WW(1.11) | <http://support.lenovo.com/us/en/downloads/ds034847>
ThinkPad X230t | Affected | GCETA1WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-x-series-tablet-laptops/thinkpad-x230-tablet/downloads/DS029683>
ThinkPad X240/X240s | Affected | GIET79WW (2.29) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x240/downloads/DS035950>
ThinkPad Yoga 11e | Not affected | |
Thinkcenter
System | Status | Minimum version
including Fix | Link
—|—|—|—
ThinkCentre E73Z | Affected | FGKT36A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m83z>
ThinkCentre E93 | Affected | FBKTA5A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m93/downloads/DS035753>
ThinkCentre E93Z | Affected | FFKT36A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-e-series-desktops/thinkcentre-e93z>
ThinkCentre Edge 62z | Affected | F8KT37A | <http://support.lenovo.com/us/en/downloads/DS031473>
ThinkCentre Edge 63z | Affected | FQKT26A | <http://support.lenovo.com/us/en/downloads/DS100926>
ThinkCentre Edge 72 | Affected | F1KT68A | <http://support.lenovo.com/us/en/downloads/ds029433>
ThinkCentre Edge 72z | Affected | F6KT40A | <http://support.lenovo.com/us/en/downloads/DS029266>
ThinkCentre Edge 92z | Affected | 9XKT32A | <http://support.lenovo.com/us/en/downloads/DS030110>
ThinkCentre M53 | Affected | FPKT30A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m79/downloads/DS100923>
ThinkCentre M62Z | Affected | F0KT43A | <http://support.lenovo.com/us/en/downloads/DS030249>
ThinkCentre M72e (Ivy) | Affected | F1KT68A | <http://support.lenovo.com/us/en/downloads/ds029433>
ThinkCentre M72e (PCI) | Affected | F9KT55A | <http://support.lenovo.com/us/en/downloads/DS031119>
ThinkCentre M72e (Tiny) | Affected | F4KT51A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m72e/downloads/DS029184>
ThinkCentre M72z | Affected | F6KT40A | <http://support.lenovo.com/us/en/downloads/DS029266>
ThinkCentre M73 | Affected | FCKT64A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m73/downloads//downloads/DS038324>
ThinkCentre M73 Tiny | Affected | FHKT54A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m73/downloads/DS038325>
ThinkCentre M73Z | Affected | FGKT36A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m83z>
ThinkCentre M78 (type 1562, 1565, 1662, 1663, 1766, 2111, 2113, 2114, 4860, 4863, 4865, 4866, 5100) | Affected | 9ZKT51A | <http://support.lenovo.com/us/en/downloads/DS031087>
ThinkCentre M78 (type 10BN, 10BQ, 10BR, 10BS, 10BT, 10BU) | Affected | FNKT35A | <http://support.lenovo.com/us/en/downloads/DS038364>
ThinkCentre M79 | Affected | FPKT30A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m79/downloads/DS100923>
ThinkCentre M83 | Affected | FBKTA5A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m93/downloads/DS035753>
ThinkCentre M83Z | Affected | FGKT36A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m83z>
ThinkCentre M92 | Affected | 9SKT87A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m92>
ThinkCentre M92P | Affected | 9SKT87A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m92p>
ThinkCentre M92Z | Affected | 9NKT66A | <http://support.lenovo.com/us/en/downloads/DS029443>
ThinkCentre M93 | Affected | FBKTA5A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m93/downloads/DS035753>
ThinkCentre M93P | Affected | FBKTA5A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m93/downloads/DS035753>
ThinkCentre M93Z | Affected | FEKT88A | http://download.lenovo.com/ibmdl/pub/pc/pccbbs/thinkcentre_bios/fejy88usa.exe
Thinkstation
System | Status | Mininum BIOS
including Fix | Release
—|—|—|—
ThinkStation C30
(type 1095, 1096, 1097) | Affected | A1KT51A | <http://support.lenovo.com/us/en/products/workstations/thinkstation-s-series-workstations/thinkstation-s30>
ThinkStation C30
(type 1136, 1137) | Affected | A3KT47A | <http://support.lenovo.com/us/en/products/workstations/thinkstation-c-series-workstations/thinkstation-c30/downloads/DS035725>
ThinkStation D30
(type 4223, 4228, 4229) | Affected | A1KT51A | <http://support.lenovo.com/us/en/products/workstations/thinkstation-s-series-workstations/thinkstation-s30>
ThinkStation D30
(type 4353, 4354) | Affected | A3KT47A | <http://support.lenovo.com/us/en/products/workstations/thinkstation-c-series-workstations/thinkstation-c30/downloads/DS035725>
ThinkStation E32 | Affected | FBKTA5A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m93/downloads/DS035753>
ThinkStation P300 | Affected | FBKTA5A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/thinkcentre-m-series-desktops/thinkcentre-m93/downloads/DS035753>
ThinkStation P500 | Affected | A4KT64A | <http://support.lenovo.com/us/en/products/workstations/thinkstation-p-series-workstations/thinkstation-p500>
ThinkStation P700 | Affected | A5KT64A | <http://support.lenovo.com/us/en/products/workstations/thinkstation-p-series-workstations/thinkstation-p700>
ThinkStation P900 | Affected | A6KT64A | <http://support.lenovo.com/us/en/products/workstations/thinkstation-p-series-workstations/thinkstation-p900/downloads/DS101344>
ThinkStation S30 | Affected | A0KT51A | <http://support.lenovo.com/us/en/products/workstations/thinkstation-s-series-workstations/thinkstation-s30>
ThinkStation S30 | Affected | A2KT46A | <http://support.lenovo.com/us/en/products/workstations/thinkstation-s-series-workstations/thinkstation-s30/downloads/DS035724>
ThinkServer & Storage
| System | Status |
|---|---|
| ThinkServer RD330 | Not affected |
| ThinkServer RD340 | Not affected |
| ThinkServer RD430 | Not affected |
| ThinkServer RD440 | Not affected |
| ThinkServer RD530 | Not affected |
| ThinkServer RD540 | Not affected |
| ThinkServer RD550 | Not affected |
| ThinkServer RD630 | Not affected |
| ThinkServer RD640 | Not affected |
| ThinkServer RD650 | Not affected |
| ThinkServer RS140 | Not affected |
| ThinkServer TD340 | Not affected |
| ThinkServer TD350 | Not affected |
| ThinkServer TS130 | Not affected |
| ThinkServer TS140 | Not affected |
| ThinkServer TS430 | Not affected |
| ThinkServer TS440 | Not affected |
Lenovo Desktops
System | Status | Minimum version
including Fix | Link
—|—|—|—
63 Desktop | Affected | FCKT69A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-63-series-desktops/lenovo-63-desktop/downloads/DS101301>
A540 All In One (Broadwell) | Affected | O14KT15AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-a-series-all-in-ones/lenovo-a540-all-in-one/downloads/DS102570>
A740 All-In-One - BDW | Affected | O14KT15AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-a-series-all-in-ones/lenovo-a540-all-in-one/downloads/DS102570>
B40-30 All-In-One | Affected | O0CKT23A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-b-series-all-in-ones/lenovo-b40-30-all-in-one/downloads/DS101240>
B40-30 Touch All-In-One | Affected | O0CKT23A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-b-series-all-in-ones/lenovo-b40-30-all-in-one/downloads/DS101240>
B50-30 All-In-One | Affected | O0BKT21A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-b-series-all-in-ones/lenovo-b50-30-all-in-one/downloads/DS101243>
B50-30 Touch All-In-One | Affected | O0BKT21A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-b-series-all-in-ones/lenovo-b50-30-all-in-one/downloads/DS101243>
B5035 | Affected | O0AKT18AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-a-series-all-in-ones/lenovo-a540-all-in-one/downloads/DS101270>
B50-35 All-In-One | Affected | O0AKT18AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-a-series-all-in-ones/lenovo-a540-all-in-one/downloads/DS101270>
C20-05 All-In-One | Affected | O0GKT30AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-c-series-all-in-ones/lenovo-c560-all-in-one/downloads/DS101524>
C20-30 All-In-One | Affected | O0EKT30AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-c-series-all-in-ones/lenovo-c560-all-in-one/downloads/DS101522>
C260 All–In-One | Affected | IXKT26AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-c-series-all-in-ones/lenovo-c260-all-in-one/downloads/DS100767>
C260 Touch All-In-One | Affected | IXKT26AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-c-series-all-in-ones/lenovo-c260-all-in-one/downloads/DS100767>
C360 All-In-One | Affected | IMKT19AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/horizon-series/horizon-2e-table-pc/downloads/DS101336>
C365 All-In-One | Affected | O0MKT13A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-s-series-all-in-ones/lenovo-s40-40-all-in-one/downloads/DS101298>
C40-05 All-In-One | Affected | O0KKT14A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-c-series-all-in-ones/lenovo-c40-05-all-in-one>
C40-30 All-In-One | Affected | O0HKT17AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/horizon-series/horizon-2e-table-pc/downloads/DS101525>
C460 All-In-One | Affected | IMKT19AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/horizon-series/horizon-2e-table-pc/downloads/DS101336>
C470 All-In-One | Affected | O0DKT18AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/horizon-series/horizon-2e-table-pc/downloads/DS101337>
C50-30 All-In-One | Affected | O0IKT17A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-c-series-all-in-ones/lenovo-c50-30-all-in-one/downloads/DS101470>
C5030-non-Touch | Affected | O0IKT17A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-c-series-all-in-ones/lenovo-c50-30-all-in-one/downloads/DS101470>
C560 All-In-One | Affected | INKT30AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-c-series-all-in-ones/lenovo-c560-all-in-one/downloads/DS101700>
E50-00 Deskop | Affected | O07KT52AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/e-series-desktop/lenovo-e50-00-desktop/downloads/DS101341>
ErazerX700 Desktop | Affected | IUKT19AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-erazer-x-series-desktops/lenovo-erazer-x700-desktop/downloads/DS101745>
H30-00 Desktop | Affected | O07KT52AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/e-series-desktop/lenovo-e50-00-desktop/downloads/DS101341>
H30-05 Desktop | Affected | O06KT18A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-s-series-all-in-ones/lenovo-s40-40-all-in-one/downloads/DS101299>
H30-50 Desktop | Affected | IEKT31A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-h-series-desktops/lenovo-h530-desktop/downloads/DS101277>
H50-00 Desktop | Affected | O07KT52AUS | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/e-series-desktop/lenovo-e50-00-desktop/downloads/DS101341>
H50-05 Desktop | Affected | O06KT18A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-s-series-all-in-ones/lenovo-s40-40-all-in-one/downloads/DS101299>
H50-30g Desktop | Affected | IEKT31A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-h-series-desktops/lenovo-h530-desktop/downloads/DS101277>
H50-50 Desktop | Affected | IEKT31A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-h-series-desktops/lenovo-h530-desktop/downloads/DS101277>
H530 Desktop | Affected | IEKT31A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-h-series-desktops/lenovo-h530-desktop/downloads/DS101277>
H530s Desktop | Affected | IEKT31A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-h-series-desktops/lenovo-h530-desktop/downloads/DS101277>
Horizon 2 27 Table PC | Affected | O02KT21A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/horizon-series/horizon-2-27-table-pc-ideacentre/downloads/DS101244>
Horizon2e Table PC | Affected | O08KT21A | <http://support.lenovo.com/us/en/downloads/ds101046>
Horizon2s Table PC | Affected | O0FKT15A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/horizon-series/horizon-2e-table-pc/downloads/DS101046>
M4350 Desktop | Affected | F9KT55A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/m-series/lenovo-m4350-desktop/downloads/DS101302>
S40-40 All-In-One | Affected | IZKT22A | <http://support.lenovo.com/us/en/products/desktops-and-all-in-ones/lenovo-s-series-all-in-ones/lenovo-s40-40-all-in-one/downloads/DS101300>
Lenovo Notebook
System | Status | Minimum version
including Fix | Link
—|—|—|—
B40-30/B50-30/B50-30 Touch/E40-30/N40-30 | Affected | 9CCN31WW(V2.09) | <http://support.lenovo.com/us/en/downloads/DS101220>
B40-45/B50-45/N40-45/N50-45 | Affected | A1CN26WW(V1.14) | <http://support.lenovo.com/us/en/downloads/DS101226>
B40-70/B50-70/E40-70/E50-70/N40-70/N50-70 | Affected | 9DCN32WW(V3.02) | <http://support.lenovo.com/us/en/downloads/DS101224>
B490 | Affected | H9ET90WW | <http://support.lenovo.com/us/en/downloads/DS032260>
E10-30 | Affected | A5CN36WW(V3.7) | <http://support.lenovo.com/us/en/downloads/DS100550>
Flex 10 | Affected | 93CN57WW(V9.7) | <http://support.lenovo.com/us/en/downloads/DS100999>
Flex 2 14/Flex 2 15 (Baytrail-M) | Affected | A3CN32WW | <http://support.lenovo.com/us/en/downloads/DS101207>
Flex 2 14/Flex 2 15 (Haswell) | Affected | A0CN36WW | <http://support.lenovo.com/us/en/downloads/DS101193>
Flex 2 14D/Flex 2 15D | Affected | 9FCN26WW | <http://support.lenovo.com/us/en/downloads/DS101002>
Flex 2 Pro-15 (Broadwell) | Affected | B9CN16WW | <http://support.lenovo.com/us/en/downloads/DS101359>
Flex 2 Pro-15 (Haswell) | Affected | 9FCN22WW | <http://support.lenovo.com/us/en/downloads/DS101359>
Flex 3 11 | Not Affected | − | −
Flex3 1470/1570 HSW/BDW | Not Affected | − | −
G40-30/G50-30 | Affected | A7CN45WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-g-series-laptops/g40-30-notebook-lenovo/downloads/DS100921>
G40-45/G50-45 | Affected | A2CN34WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-g-series-laptops/g40-45-notebook-lenovo/downloads/DS100823>
G40-70/G50-70 | Affected | 9ACN30WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-g-series-laptops/g40-70-notebook-lenovo/downloads/DS100522>
G40-75/G50-75 | Affected | − | Contact your service provider
G40-80/G50-80 | Affected | B0CN73WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-g-series-laptops/g40-80/downloads/DS102231>
G70-70 | Affected | B6CN14WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-g-series-laptops/g70-70-laptop/downloads/DS101620>
K20-80 | Affected | ADCN37WW | Contact your service provider
K2450 | Affected | J2ET40WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-k-series-laptops/lenovo-k2450/downloads/DS100835>
K4450 | Affected | J8ET43WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-k-series-laptops/lenovo-k4450/downloads/DS101630>
M30-70/M40-70 | Affected | 8BCN47WW (V3.10) | <http://support.lenovo.com/us/en/downloads/ds101228>
M50-70 | Affected | B3CN23WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-m-series-laptops/lenovo-m50-70-notebook/downloads/DS101348>
M50-80 | Not Affected | − | −
Miix 2 11 | Affected | 97CN41WW | <http://support.lenovo.com/us/en/products/tablets/miix-series/miix-2-11-tablet-lenovo/downloads/DS101276>
Miix 2 8 | Affected | 90CN27WW | <http://support.lenovo.com/us/en/products/tablets/miix-series/miix-2-8-tablet-lenovo/downloads/DS101003>
Miix 3-1030 | Affected | B4CN25WW(V4.5) | http://support.lenovo.com/us/en/products/tablets/miix-series/miix-3-1030-tablet-lenovo/downloads/DS101605
N40-80 | Affected | A8CN38WW(V2.03) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-e-series-laptops/e40-80/downloads/DS102219>
S20-30 | Affected | ACCN22WW(V2.0) | http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-s-series-laptops/lenovo-s20-30-notebook/downloads/DS100552
S21e | Affected | C4CN14WW(V1.04) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-s-series-laptops/s21e-20/downloads/DS102813>
S41-70 HSW/BDW | Affected | BDCN30WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/u-series/u41-70>
S435/M40-35 | Affected | BBCN15WW(V1.06) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-s-series-laptops/s435>
U330/U430 | Researching | |
Y40-80 | Affected | B5CN35WW(V2.01) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-y-series-laptops/y40-80>
Y410P/510P | Affected | 74CN47WW(V3.08) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/ideapad-y-series-laptops/ideapad-y410p-notebook/downloads/DS100556>
Y430P | Affected | − | Contact your service provider
Y50-70/Y50-70 Touch/Y70-70 Touch | Affected | 9ECN37WW(V2.01) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-y-series-laptops/y50-70-touch-notebook-lenovo>
Yoga 2 11 (Baytrail-M) | Affected | 92CN35WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/yoga-series/yoga-2-11-notebook-lenovo/downloads/DS100551>
Yoga 2 11 (Haswell) | Affected | AACN21WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/yoga-series/yoga-2-11-notebook-lenovo/downloads/DS101717>
Yoga 2 13 | Affected | 96CN30WW(V1.16) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/yoga-series/yoga-2-13-notebook-lenovo/downloads/DS100939>
Yoga 2 Pro | Affected | 76CN46WW.A | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/yoga-series/yoga-2-pro-lenovo/downloads/DS035004>
Yoga 3 11 | Affected | B8CN30WW(V2.08) | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/yoga-series/yoga-3-1170/downloads/DS102768>
Yoga 3 14 | Not Affected | − | −
Yoga 3 Pro | Affected | A6CN49WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/yoga-series/yoga-3-pro-1370-laptop-lenovo/downloads/DS101338>
Z40-70/Z50-70 | Affected | 9BCN30WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-z-series-laptops/lenovo-z40-70/downloads/DS100528>
Z40-75/Z50-75 | Affected | A4CN37WW | <http://support.lenovo.com/us/en/products/laptops-and-netbooks/lenovo-z-series-laptops/lenovo-z40-75/downloads/DS100825>
Lenovo EMC
| System | Status |
|---|---|
| LenovoEMC EZ Media & Backup (hm3) | Not affected |
| LenovoEMC Home Media Cloud Edition (hm2) | Not affected |
| LenovoEMC ix12-300r | Not affected |
| LenovoEMC ix2 (inc DL) | Not affected |
| LenovoEMC ix2-200 | Not affected |
| LenovoEMC ix2-200 Cloud Edition | Not affected |
| LenovoEMC ix4-200d | Not affected |
| LenovoEMC ix4-200d (2.1.x firmware) | Not affected |
| LenovoEMC ix4-200d Cloud Edition | Not affected |
| LenovoEMC ix4-300d (inc DL) | Not affected |
| LenovoEMC px12-350r | Not affected |
| LenovoEMC px12-400r | Not affected |
| LenovoEMC px12-450r | Not affected |
| LenovoEMC px2-300d (inc NVR) | Not affected |
| LenovoEMC px4-300d (inc NVR) | Not affected |
| LenovoEMC px4-300r | Not affected |
| LenovoEMC px4-400d (inc NVR) | Not affected |
| LenovoEMC px4-400r | Not affected |
| LenovoEMC px6-300d | Not affected |
ThinkServer & Storage
| Application | Status |
|---|---|
| Delopy Manager | Not affected |
| Diagnostic | Not affected |
| Easy Manager | Not affected |
| Easy Updater | Not affected |
| Energy manager | Not affected |
| OSPUT | Not affected |
| Partner Pack | Not affected |
| Power Planner | Not affected |
| TSMCLI | Not affected |
Acknowledgements:
Lenovo would like to thank Rafal Wojtczuk of Bromium & Corey Kallenberg of the MITRE Corporation and Intel Security’s Advanced Threat Research Team for reporting this vulnerability.
Other information and references:
- CERT Vulnerability Note: VU#976132
- CVE ID: CVE-2014-8274
Revision History:
Revision
|
Date
|
Description
—|—|—
1.6 | 2015-06-25 | Publish additional fixes
1.5 | 2015-05-17 | Publish additional fixes
1.4 | 2015-04-17 | Publish additional fixes
1.3 | 2015-03-25 | Publish additional fixes
1.2 | 2015-03-03 | Publish additional fixes
1.1 | 2015-01-31 | Publish additional fixes
1.0 | 2015-01-16 | Initial release
Related
