AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US


**Lenovo Security Advisory:** LEN-29592 **Potential Impact**: Denial of service, privilege escalation, information disclosure **Severity:** High **Scope of Impact:** Industry-wide **CVE Identifier:** CVE-2013-4312, CVE-2013-7446, CVE-2014-3631, CVE-2014-5206, CVE-2014-5207, CVE-2014-6410, CVE-2014-7145, CVE-2014-7822, CVE-2014-7970, CVE-2014-7975, CVE-2014-8160, CVE-2014-8559, CVE-2014-8989, CVE-2014-9420, CVE-2014-9529, CVE-2014-9728, CVE-2014-9729, CVE-2014-9730, CVE-2015-1333, CVE-2015-1350, CVE-2015-1805, CVE-2015-2925, CVE-2015-3288, CVE-2015-3339, CVE-2015-3636, CVE-2015-4167, CVE-2015-5706, CVE-2015-7613, CVE-2015-8215, CVE-2015-8816, CVE-2015-8964, CVE-2016-0723, CVE-2016-0728, CVE-2016-0758, CVE-2016-0823, CVE-2016-10208, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-4482, CVE-2016-5696, CVE-2016-6213, CVE-2016-6828, CVE-2016-7097, CVE-2016-7910, CVE-2016-7914, CVE-2016-7916, CVE-2016-8405, CVE-2016-8645, CVE-2016-9191, CVE-2017-1000253, CVE-2017-1000364, CVE-2017-13305, CVE-2017-14106, CVE-2017-15299, CVE-2017-16531, CVE-2017-16535, CVE-2017-17449, CVE-2017-17558, CVE-2017-17806, CVE-2017-18270, CVE-2017-2647, CVE-2017-2671, CVE-2017-5551, CVE-2017-5669, CVE-2017-5897, CVE-2017-7495, CVE-2017-7542, CVE-2017-7618, CVE-2017-8064, CVE-2017-9242, CVE-2018-1000026, CVE-2018-10087, CVE-2018-10124, CVE-2018-1066, CVE-2018-10876, CVE-2018-10877, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883, CVE-2018-1092, CVE-2018-1093, CVE-2018-12896, CVE-2018-13053, CVE-2018-16884, CVE-2018-17972, CVE-2018-18281, CVE-2018-18344, CVE-2018-20169, CVE-2018-5344, CVE-2018-5953, CVE-2018-5995, CVE-2018-6927, CVE-2018-9422, CVE-2018-9568, CVE-2019-10638, CVE-2019-10639, CVE-2019-11190, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11599, CVE-2019-11833, CVE-2019-12819, CVE-2019-13272, CVE-2019-3901, CVE-2019-5489, CVE-2019-9213 **Summary Description: ** AMI has released AMI MegaRAC SP-X Baseboard Management Controller (BMC) security enhancements to address Linux kernel vulnerabilities. **Mitigation Strategy for Customers (what you should do to protect yourself): ** Upgrade to the BMC firmware version (or newer) indicated for your model in the Product Impact section below. **** **** **Product Impact:** To download the version specified for your product below, follow these steps: 1. Navigate to your product's Drivers & Software page by going to [https://support.lenovo.com/](<https://pcsupport.lenovo.com/us/en/>). PRC users should go to <https://newsupport.lenovo.com.cn/> 2. Search for your product by name or machine type. 3. Click Drivers & Software on the left menu panel. 4. Click on Manual Update to browse by Component type. 5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site. Alternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.