CVE-2018-16089
The CVE-2018-16089 entry concerns Lenovo System Management Module (SMM) firmware. A field in the header of SMM firmware update images in SMM versions prior to 1.06 is insufficiently sanitized, enabling post-authentication command injection on the SMM as the root user. The Lenovo advisory LEN-2437...