Code injection

2021-07-1621:15:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

CPENameOperatorVersion
ideacentre_aio_5-24imb05_firmwareeq< 2021930
ideacentre_aio_5-74imb05_firmwareeq< 2021930
thinkpad_helix_firmwareeq17etb4w-n
thinkpad_t550_firmwareeq11et53w-n
thinkpad_w550s_firmwareeq11et53w-n
thinkpad_x1_carbon_3rd_gen_firmwareeq14et55w-n
thinkpad_x250_firmwareeq10et62w-n
thinkpad_yoga_15_firmwareeq19et65w-n

Name	Operator	Version
ideacentre_aio_5-24imb05_firmware	eq	< 2021930
ideacentre_aio_5-74imb05_firmware	eq	< 2021930
thinkpad_helix_firmware	eq	17etb4w-n
thinkpad_t550_firmware	eq	11et53w-n
thinkpad_w550s_firmware	eq	11et53w-n
thinkpad_x1_carbon_3rd_gen_firmware	eq	14et55w-n
thinkpad_x250_firmware	eq	10et62w-n
thinkpad_yoga_15_firmware	eq	19et65w-n

References

support.lenovo.com/us/en/product_security/LEN-65529