Lenovo Security Advisory: LEN-17237
**Potential Impact:**Arbitrary code execution
Severity: Critical
Scope of Impact: Industry-wide
CVE Identifier: CVE-2017-11120, CVE-2017-11121
Summary Description:
Broadcom has issued an advisory for certain Broadcom WiFi controllers used by many computer and device makers, which contain buffer overflow vulnerabilities on the adapter (not the system CPU). Broadcom initially did not plan to remediate these issues, but when the WPA2 KRACK issue also emerged, Broadcom combined both fixes in to a single set of driver updates. Lenovo received the first of these near the end of 2017, and continues releasing fixes as integration and testing is completed.
Mitigation Strategy for Customers (what you should do to protect yourself):
Broadcom recommends updating to the WiFi driver version (or newer) indicated for your model in the Product Impact section below.