AMI BIOS System Management Mode Vulnerability - US

2018-11-28T12:45:25
ID LENOVO:PS500202-NOSID
Type lenovo
Reporter Lenovo
Modified 2019-06-06T15:55:44

Description

Lenovo Security Advisory: LEN-24238

Potential Impact: Information disclosure, code execution

Severity: Medium

Scope of Impact: Industry-wide

Summary Description:

AMI has reported to Lenovo that the System Management Mode (SMM) module was not properly validating buffers in the BIOS supplied by AMI. Exploitation of this vulnerability could allow an attacker to read or modify SMRAM.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update to the version of BIOS (or later) described for your system in the product impact section.

Product Impact: