Reading Privileged Memory with a Side Channel - US
Lenovo Security Advisory: LEN-18282 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels. Severity: High Scope of Impact: Industry-wide CVE Identifier: “Spectre” CVE-2017-5753, CVE-2017-5715 “Meltdown”...
Speculative Execution Side Channel Variants 4 and 3a - US
Lenovo Security Advisory: LEN-22133 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory or registers, circumventing expected privilege levels Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3639, CVE-2018-3640 Summary...
WPA2 Protocol Vulnerabilities - US
Lenovo Security Advisory: LEN-17420 Potential Impact: An attacker could manipulate the vulnerability to affect clients through arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames Severity: High Scope of...
Intel Graphics Drivers Vulnerabilities - US
Lenovo Security Advisory: LEN-15570 Potential Impact: Privilege escalation, modification of kernel memory Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-5696, CVE-2017-5727, CVE-2017-5717, CVE-2017-5692 Summary Description: Intel has issued multiple advisories related to i...
NVIDIA Graphics Driver Multiple Vulnerabilities (including fixes for Intel Speculative Side Channel Vulnerabilities) - US
Lenovo Security Advisory: LEN-16730 Potential Impact: Denial of service, possible escalation of privilege, exfiltration of privileged memory Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-5753, CVE-2017-6266, CVE-2017-6267, CVE-2017-6268, CVE-2017-6269, CVE-2017-6270,...
Bluetooth “BlueBorne” Vulnerabilities - NL
Lenovo Security Advisory: LEN-17125 Potential Impact: Remote code execution Severity: High Scope of Impact: Industry wide CVE Identifier: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-8628, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251 Summary Description: A collection...
Samba Remote Code Execution Vulnerability
Lenovo Security Advisory: LEN-2015-016 Potential Impact: Execution of arbitrary code Severity: High Summary: Samba is an open-source implementation of the Server Message Block SMB or Common Internet File System CIFS protocol, which allows PC-compatible machines to share files, printers, and other...
IBM Storwize for Lenovo initialization USB drives contain malware - us
Lenovo Security Advisory: LEN-14957 Potential Impact: Malware infection on system used to launch initialization tool Severity: Medium Summary Description: Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo V3500, V3700 and V5000 Gen 1 storage systems...
Intel ME 6.x/7.x/8.x/9.x/10.x./11.x, SPS 4.0, and TXE 3.0 Cumulative Security Update - US
Lenovo Security Advisory: LEN-17297 Potential Impact: An attacker could load and execute arbitrary code outside the visibility of the user, operating system, and hypervisor/virtualization platform; resulting in exfiltration of secrets, subtle manipulation of system operation, or denial of service...
System firmware Can Be Erased or Corrupted After Boot - US
Lenovo Security Advisory: LEN-16445 Potential Impact: An attacker could manipulate the vulnerability to prevent a system from booting, to cause it to operate in an unusual way, or execute arbitrary code during the system boot sequence. Severity: High Scope of Impact: Industry-wide CVE Identifier:...
Bluetooth Pairing Key Validation - US
Lenovo Security Advisory: LEN-22233 Potential Impact: Information disclosure, elevation of privilege, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-5383 Summary Description: The Bluetooth Special Interest Group SIG has reported a vulnerability in the...
System x Secure Boot Vulnerability - US
Lenovo Security Advisory: LEN-20241 Potential Impact: Booting unauthenticated code Severity: High Scope of Impact: Lenovo-only CVE Identifier: CVE-2017-3775 Summary Description: Lenovo internal testing discovered some System x server BIOS/UEFI versions that, when Secure Boot mode is enabled by a...
Intel Software Guard Extensions (SGX) Vulnerabilities - US
Lenovo Security Advisory: LEN-21284 Potential Impact: Elevation of privilege, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-5736, CVE-2018-3626, CVE-2018-3639, CVE-2018-3640, CVE-2018-3691 Summary Description: Intel has issued several advisories...
L1 Terminal Fault Side Channel Vulnerabilities - US
Lenovo Security Advisory: LEN-24163 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 Summary...
Brocade Fabric OS Vulnerabilities - US
Lenovo Security Advisory: LEN-18214 Potential Impact: Cross-site Scripting, Denial of Service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-6225, CVE-2017-6227 Summary Description: Brocade issued advisories BSA-2018-525 and BSA-2018-526 related to vulnerabilities in Broca...
NVIDIA Graphics Driver Multiple Vulnerabilities - US
Lenovo Security Advisory: LEN-20510 Potential Impact: Denial of service, possible escalation of privilege, code execution Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-6247, CVE-2018-6248, CVE-2018-6249, CVE-2018-6250, CVE-2018-6251, CVE-2018-6252, CVE-2018-6253 Summary...
Intel Active Management Technology MEBx Access Control Bypass - US
Lenovo Security Advisory: LEN-19568 Potential Impact: Remote access and control Severity: Critical Scope of Impact: Industry-wide Summary Description: Intel has issued an advisory for Intel vPro Active Management Technology AMT to all system manufacturers. The Intel AMT default configuration has...
Broadcom WiFi Buffer Overflow Vulnerability - US
Lenovo Security Advisory: LEN-17237 Potential Impact: Arbitrary code execution Severity: Critical Scope of Impact: Industry-wide CVE Identifier: CVE-2017-11120, CVE-2017-11121 Summary Description: Broadcom has issued an advisory for certain Broadcom WiFi controllers used by many computer and devi...
RSA Keys Generated by Infineon TPMs are Insecure - US
Lenovo Security Advisory: LEN-15552 Potential Impact: RSA keys generated by the Infineon TPM using certain firmware levels are insecure Severity: Varies; None to High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-15361 Summary Description: A vulnerability was identified in the RSA key...
Intel Online Connect NDIS Filter Driver Parameter Corruption - US
Lenovo Security Advisory: LEN-21769 Potential Impact: Denial of service Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3634 Summary Description: Intel has issued an advisory for Intel Online Connect Access to all system manufacturers. The related Intel NDIS filter driver...
Synaptics Keyboard & Touchpad Driver Running Arbitrary Code - US
Lenovo Security Advisory: LEN-19151 Potential Impact: Execution diversion – launching arbitrary code within the user’s context Severity: Low Scope of Impact: Industry-wide CVE Identifier: TBD Summary Description: An attacker who has already obtained access to a user’s account could attach an...
Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 only (not 10) Insecure Credential Storage - US
Lenovo Security Advisory: LEN-15999 Potential Impact: Local Privilege Escalation Severity: High Scope of Impact: Lenovo Specific CVE Identifier: CVE-2017-3762 Summary Description: A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint...
Intel SGX Update and Attestation Key Recovery - US
Lenovo Security Advisory: LEN-15184 Potential Impact: Elevation of Privilege / Information Disclosure Severity: High Scope of Impact: Industry Wide CVE Identifier: CVE-2017-5691 Summary Description: Intel has discovered a vulnerability that could impact the security of Intel® Software Guard...
BIOS SMI Handler Input Validation Failures - US
Lenovo Security Advisory: LEN-14695 Potential Impact: Execution of code in System Management Mode by an attacker with local administrative access Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-3753 Summary Description: A vulnerability has been identified in some Lenovo...
OpenSLP Heap Memory Corruption - US
Lenovo Security Advisory: LEN-18247 Potential Impact: Denial of service, other undefined behavior Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-17833 Summary Description: OpenSLP versions used in several Lenovo products are vulnerable to heap memory corruption, potentiall...
IMM2 Web Service Stack Overflow - NL
Lenovo Security Advisory: LEN-19586 Potential Impact: Stack overflow leading to memory corruption Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2017-3774 Summary Description: A stack overflow vulnerability was discovered within the web administration service in the...
Whole Disk Encryption with Intel Optane Memory Modules - US
Lenovo Security Advisory: LEN-22881 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3619 Summary Description: Intel has identified an issue where configuring an Optane memory module before enabling BitLocker whole disk encryption...
TPM 2.0 Sleep-Wake Error in BIOS Firmware - US
Lenovo Security Advisory: LEN-20494 Potential Impact: Local security-bypass Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-6622 Summary Description: Lenovo was notified of a potential security bypass vulnerability in BIOS firmware for managing the TPM 2.0 device. If an...
BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - US
Lenovo Security Advisory: LEN-20527 Potential Impact: Elevation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-9062, CVE-2018-12169 Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it, may attach a...
Intel CSME / SPS and TXE Vulnerabilities - US
Lenovo Security Advisory: LEN-22810 Potential Impact: Elevation of privilege, information disclosure, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3655, CVE-2018-3657, CVE-2018-3658, CVE-2018-3659, CVE-2018-3616 Summary Description: Intel has disclosed...
Intel Q1’18 AMT 9.x/10.x/11.x Cumulative Update - US
Lenovo Security Advisory: LEN-21031 Potential Impact: Elevation of Privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3628, CVE-2018-3629, CVE-2018-3632 Summary Description: Intel performed a security review of their Intel® Management Engine ME firmware, and identifi...
Synaptics Keyboard Driver Unprotected Debug Mode - us
Lenovo Security Advisory: LEN-18507 Potential Impact: Loss of confidentiality local to system Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2017-17556 Summary Description: A researcher discovered a vulnerability in Synaptics...
Lenovo Help Mobile App Transmits Information Over HTTP - US
Lenovo Security Advisory: LEN-20475 Potential Impact: Exposure of user-identifiable information Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2017-3776 Summary Description: The Lenovo Help Android app assists users with support for Lenovo devices. This requires transmitting...
Power Management Controller (PMC) Security Vulnerability in Systems using specific Intel® CMSE or SPS firmware versions - US
Lenovo Security Advisory: LEN-22678 Potential Impact: Elevation of Privilege; Information Disclosure Severity: High Scope of Impact: Industry-wide - Systems using specific Intel® Converged Security and Management Engine CSME or Intel® Server Platform Services SPS firmware versions CVE Identifier:...
Securely Configuring LenovoEMC NAS Devices - US
Lenovo Security Advisory: LEN-11575 Potential Impact: Access to stored data if security settings have not been configured Scope of Impact: Lenovo-specific Summary Description: In light of recent work by a security researcher, Lenovo would like to remind owners of older LenovoEMC consumer Network...
Buffer Overflow in Lenovo System Update Drive Mapping Utility - US
Lenovo Security Advisory: LEN-19625 Potential Impact: Buffer overflow resulting in undefined behaviors, such as execution of arbitrary code Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9063 Summary Description: MapDrv C:\Program Files\Lenovo\System Update\mapdrv.exe...
Insecure Handling of BIOS and AMT Passwords in Intel Platform Sample Firmware - US
Lenovo Security Advisory: LEN-23848 Potential Impact: Information disclosure Severity: High Scope of Impact: Industry wide CVE Identifier: CVE-2017-5704 Summary Description: Platform sample firmware supplied by Intel for multiple processor families, and incorporated by Lenovo into multiple product...
XClarity Administrator (LXCA) API Vulnerabilities - US
Lenovo Security Advisory: LEN-22168 Potential Impact: Privilege escalation Severity: Critical Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9064, CVE-2018-9065, CVE-2018-9066 Summary Description: A Lenovo internal product security audit has led to the discovery of access control...
Intel® Management Engine 11.x issue - US
Lenovo Security Advisory: LEN-21032 Potential Impact: Elevation of Privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3627 Summary Description: Intel performed a security review of their Intel® Management Engine ME 11.x firmware, and identified a security vulnerabili...
BIOS Write Protection Race Condition - US
Lenovo Security Advisory: LEN-20184 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9069 Summary Description: In several consumer notebook models, a race condition in BIOS flash device locking mechanism is not adequately protected...
Lenovo Replacing Distrusted GeoTrust Certificates With New DigiCert Certificates - US
Lenovo Security Advisory: LEN-24497 Scope of Impact: Industry-wide. Anyone using a GeoTrust certificate will need to update to DigiCert. Major browsers will stop trusting GeoTrust certificates as early as October. Summary Description: Many Lenovo sites use PKI certificates issued by the GeoTrust...
Integrated Management Module 2 (IMM2) First Failure Data Capture (FFDC) Information Disclosure - US
Lenovo Security Advisory: LEN-20227 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9068 Summary Description: The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware...
Lenovo Smart Assistant Factory Test Mode - US
Lenovo Security Advisory: LEN-22172 Potential Impact: Root access of the device Severity: Medium Scope of Impact: Lenovo Smart Assistant CVE Identifier: CVE-2018-9070 Summary Description: Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo. An attacker with physica...
Lenovo Help Android App Access Control - US
Lenovo Security Advisory: LEN-21561 Potential Impact: Exposure and modification of private app data Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9067 Summary Description: The Lenovo Help Android app had insufficient access control for some functions which, if...
Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - US
Lenovo Security Advisory: LEN-26696 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling MSBDS CVE-2018-12127 - Microarchitectural Load Port Data Sampling MLPDS CVE-2018-12130 -...
Iomega and LenovoEMC NAS Web UI Vulnerabilities - US
Lenovo Security Advisory: LEN-24224 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo specific CVE Identifier: CVE-2018-9074, CVE-2018-9075, CVE-2018-9076, CVE-2018-9077, CVE-2018-9078, CVE-2018-9079, CVE-2018-9080, CVE-2018-9081, CVE-2018-9082 Summary Description:...
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
Lenovo Security Advisory: LEN-24443 Potential Impact: Elevation of Privilege, Denial of Service, Information Disclosure Severity: High Scope of Impact: Systems with specific versions of Intel® PROSet/Wireless WiFi Software CVE Identifier: CVE-2006-7250, CVE-2007-3108, CVE-2007-4995, CVE-2007-5135...
Multiple potential vulnerabilities in User Mode driver components of Intel Graphics Driver Unified Shader Compiler - US
Lenovo Security Advisory: LEN-24426 Potential Impact: Elevation of Privilege, Denial of Service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-12152, CVE-2018-12153, CVE-2018-12154 Summary Description: The Intel® Graphics Drivers for Windows version 15.40.4963 and 15.36.48...
Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation - us
Lenovo Security Advisory: LEN-14963 Potential Impact: Remote or local exploitation of manageability features leading to unprivileged system access Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-5689 Summary Description: Intel manageability SKUs AMT, ISM, and SBT have a...
Intel PROSet/Wireless WiFi Software Vulnerability - US
Lenovo Security Advisory: LEN-27701 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3701, CVE-2019-0136 Summary Description: CVE-2018-3701: A potential security vulnerability in Intel PROSet/Wireless WiFi Software may allow escalatio...