CVE-2022-3743

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller EC commands...

PT-2023-13541 · Lenovo · Lcfc Bios

Name of the Vulnerable Software and Affected Versions: LCFC BIOS affected versions not specified Description: A potential issue was discovered in LCFC BIOS for some Lenovo consumer notebook models. This could allow a local attacker with elevated privileges to cause some peripherals to work...

Lenovo Notebook 信息泄露漏洞

Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo notebook suffers from an information disclosure vulnerability that stems from a security issue in the LCFC BIOS that allows a local attacker with elevated privileges to enumerate Embedded Controller EC commands under...

Lenovo Notebook 访问控制错误漏洞

Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo notebook suffers from an Access Control Error vulnerability that stems from the exposure of the Embedded Controller EC interface in the LCFC BIOS, which causes certain peripheral devices to work abnormally...

CVE-2022-42455

ASUS EC Tool driver aka d.sys 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local user...

CVE-2021-0060

Insufficient compartmentalization in HECI subsystem for the IntelR SPS before versions SPSE504.01.04.516.0, SPSE504.04.04.033.0, SPSE504.04.03.281.0, SPSE503.01.03.116.0, SPSE305.01.04.309.0, SPS02.04.00.101.0, SPSSoC-A05.00.03.114.0, SPSSoC-X04.00.04.326.0, SPSSoC-X03.00.03.117.0,...

CVE-2019-6171

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware...

Design/Logic Flaw

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware...

CVE-2019-6171

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware...

Multiple Lenovo Products Privilege License and Access Control Issues Vulnerabilities

The Lenovo ThinkPad 10 20E3 and others are products of Lenovo, a Chinese company.The Lenovo ThinkPad 10 20E3 is a tablet PC.The ThinkPad 10 20E4 is a tablet PC.The ThinkPad 13 KBL 20J1 is a laptop PC. A privilege permission and access control issue vulnerability exists in systems in multiple Leno...

Embedded Controller Update Vulnerability - US

Lenovo Security Advisory: LEN-27764 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6171 Summary Description: A vulnerability was reported in older ThinkPad systems that could allow a user with administrative privileges or physical...

CVE-2018-12147

Insufficient input validation in HECI subsystem in IntelR CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access...

Intel Converged Security and Management Engine, Intel TXE and Intel Server Platform Services HECI subsystem buffer overflow vulnerability

Intel Converged Security and Management Engine CSME, etc. are products of Intel Corporation.Intel Converged Security and Management Engine is a security management engine.Intel Server Platform Services is a server platform service program.Intel TXE is a trust execution engine with hardware...

Intel Server Platform Services Input Validation Error Vulnerability

Intel Server Platform Services SPS is a server platform services program from Intel Corporation in the U.S. The HECI subsystem is one of the host embedded controller interface subsystems. An input validation error vulnerability exists in Intel Server Platform Services that stems from the program...

CVE-2018-12208

Buffer overflow in HECI subsystem in IntelR CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and IntelR TXE version before 3.1.60 or 4.0.10, or IntelR Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physica...

Lenovo Thinkpad Active Protection System Elevation of Privilege Vulnerability

Lenovo Thinkpad is a portable computer from the Chinese company Lenovo.Active Protection System is an autonomous functional component that protects the hard disk driver from damage caused by strong physical shocks and vibrations. An elevation of privilege vulnerability exists in versions of Activ...

CVE-2017-3740

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality...

Lenovo Active Protection System Privilege Escalation - Lenovo Support US

No description provided...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3084-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3084-1 advisory. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt...

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3084-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3084-2 advisory. USN-3084-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...