LENOVO:PS500178-NOSID
Sep 13, 2018 - 7:29 p.m.

TPM 2.0 Sleep-Wake Error in BIOS Firmware - US

2018-09-13 19:29:00
support.lenovo.com

CVSS3: 7.1 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS2: 3.6 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

EPSS: 0.0004 Low
Percentile: 5.8%

Lenovo Security Advisory: LEN-20494

**Potential Impact:** Local security-bypass

Severity: Medium

Scope of Impact: Industry-wide

CVE Identifier: CVE-2018-6622

Summary Description:

Lenovo was notified of a potential security bypass vulnerability in BIOS firmware for managing the TPM 2.0 device. If an attacker gains Windows administrator rights and then modifies the Windows kernel so it does not properly prepare the TPM for entering sleep (S3), the TPM may later wake in an error state with cleared PCRs. The BIOS does not detect and resolve this TPM error state, potentially allowing a local attacker to bypass security measures.
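The condition described above (a TPM that wakes from S3 with cleared PCRs) can be checked from the operating system by comparing PCRs 0-7 before suspend and after resume. This is an added example, not code from Lenovo or the advisory; it assumes the PCR digests are readable as one hex file per index, the layout Linux 5.12+ exposes under `/sys/class/tpm/tpm0/pcr-sha256/`.

```python
"""Added example: flag firmware PCRs that look cleared after an S3 resume."""
import re
from pathlib import Path

STATIC_PCRS = range(8)  # PCRs 0-7 hold firmware (BIOS/UEFI) boot measurements


def read_bank(bank_dir):
    """Read PCR 0-7 from a directory with one hex digest per file named by index.

    Assumption: layout of Linux sysfs, e.g. /sys/class/tpm/tpm0/pcr-sha256/<n>.
    Returns {index: lowercase hex digest, or None if missing/unparseable}.
    """
    values = {}
    for i in STATIC_PCRS:
        try:
            text = (Path(bank_dir) / str(i)).read_text().strip().lower()
        except OSError:
            text = ""
        values[i] = text if re.fullmatch(r"(?:[0-9a-f]{2})+", text) else None
    return values


def audit_resume(before, after):
    """Compare snapshots taken before suspend and after resume.

    Returns {index: reason} for each PCR that is unreadable, all zeros
    (never extended since a TPM reset), or different from its pre-sleep value.
    """
    findings = {}
    for i in STATIC_PCRS:
        value = after.get(i)
        if value is None:
            findings[i] = "unreadable"
        elif set(value) == {"0"}:
            findings[i] = "cleared"
        elif before.get(i) is not None and before[i] != value:
            findings[i] = "changed"
    return findings


if __name__ == "__main__":
    import sys
    bank = sys.argv[1] if len(sys.argv) > 1 else "/sys/class/tpm/tpm0/pcr-sha256"
    snapshot = read_bank(bank)  # single snapshot: only "cleared"/"unreadable" can fire
    for index, reason in audit_resume(snapshot, snapshot).items():
        print(f"PCR {index}: {reason}")
```

To catch changed values as well, store the result of `read_bank` before suspend and pass it as `before` once the machine has resumed.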

Mitigation Strategy for Customers (what you should do to protect yourself):

Lenovo recommends customers update their BIOS to at least the minimum version indicated for their model in the Product Impact section of this advisory.

Product Impact:
