1170 matches found
Reading Privileged Memory with a Side Channel - US
Lenovo Security Advisory: LEN-18282 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels. Severity: High Scope of Impact: Industry-wide CVE Identifier: “Spectre” CVE-2017-5753, CVE-2017-5715 “Meltdown”...
Speculative Execution Side Channel Variants 4 and 3a - US
Lenovo Security Advisory: LEN-22133 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory or registers, circumventing expected privilege levels Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3639, CVE-2018-3640 Summary...
WPA2 Protocol Vulnerabilities - US
Lenovo Security Advisory: LEN-17420 Potential Impact: An attacker could manipulate the vulnerability to affect clients through arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames Severity: High Scope of...
Intel Graphics Drivers Vulnerabilities - US
Lenovo Security Advisory: LEN-15570 Potential Impact: Privilege escalation, modification of kernel memory Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-5696, CVE-2017-5727, CVE-2017-5717, CVE-2017-5692 Summary Description: Intel has issued multiple advisories related to i...
NVIDIA Graphics Driver Multiple Vulnerabilities (including fixes for Intel Speculative Side Channel Vulnerabilities) - US
Lenovo Security Advisory: LEN-16730 Potential Impact: Denial of service, possible escalation of privilege, exfiltration of privileged memory Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-5753, CVE-2017-6266, CVE-2017-6267, CVE-2017-6268, CVE-2017-6269, CVE-2017-6270,...
Bluetooth “BlueBorne” Vulnerabilities - NL
Lenovo Security Advisory: LEN-17125 Potential Impact: Remote code execution Severity: High Scope of Impact: Industry wide CVE Identifier: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-8628, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251 Summary Description: A collection...
Samba Remote Code Execution Vulnerability
Lenovo Security Advisory: LEN-2015-016 Potential Impact: Execution of arbitrary code Severity: High Summary: Samba is an open-source implementation of the Server Message Block SMB or Common Internet File System CIFS protocol, which allows PC-compatible machines to share files, printers, and other...
IBM Storwize for Lenovo initialization USB drives contain malware - us
Lenovo Security Advisory: LEN-14957 Potential Impact: Malware infection on system used to launch initialization tool Severity: Medium Summary Description: Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo V3500, V3700 and V5000 Gen 1 storage systems...
Intel ME 6.x/7.x/8.x/9.x/10.x./11.x, SPS 4.0, and TXE 3.0 Cumulative Security Update - US
Lenovo Security Advisory: LEN-17297 Potential Impact: An attacker could load and execute arbitrary code outside the visibility of the user, operating system, and hypervisor/virtualization platform; resulting in exfiltration of secrets, subtle manipulation of system operation, or denial of service...
Intel Software Guard Extensions (SGX) Vulnerabilities - US
Lenovo Security Advisory: LEN-21284 Potential Impact: Elevation of privilege, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-5736, CVE-2018-3626, CVE-2018-3639, CVE-2018-3640, CVE-2018-3691 Summary Description: Intel has issued several advisories...
System x Secure Boot Vulnerability - US
Lenovo Security Advisory: LEN-20241 Potential Impact: Booting unauthenticated code Severity: High Scope of Impact: Lenovo-only CVE Identifier: CVE-2017-3775 Summary Description: Lenovo internal testing discovered some System x server BIOS/UEFI versions that, when Secure Boot mode is enabled by a...
System firmware Can Be Erased or Corrupted After Boot - US
Lenovo Security Advisory: LEN-16445 Potential Impact: An attacker could manipulate the vulnerability to prevent a system from booting, to cause it to operate in an unusual way, or execute arbitrary code during the system boot sequence. Severity: High Scope of Impact: Industry-wide CVE Identifier:...
Bluetooth Pairing Key Validation - US
Lenovo Security Advisory: LEN-22233 Potential Impact: Information disclosure, elevation of privilege, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-5383 Summary Description: The Bluetooth Special Interest Group SIG has reported a vulnerability in the...
NVIDIA Graphics Driver Multiple Vulnerabilities - US
Lenovo Security Advisory: LEN-20510 Potential Impact: Denial of service, possible escalation of privilege, code execution Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-6247, CVE-2018-6248, CVE-2018-6249, CVE-2018-6250, CVE-2018-6251, CVE-2018-6252, CVE-2018-6253 Summary...
L1 Terminal Fault Side Channel Vulnerabilities - US
Lenovo Security Advisory: LEN-24163 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 Summary...
Brocade Fabric OS Vulnerabilities - US
Lenovo Security Advisory: LEN-18214 Potential Impact: Cross-site Scripting, Denial of Service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-6225, CVE-2017-6227 Summary Description: Brocade issued advisories BSA-2018-525 and BSA-2018-526 related to vulnerabilities in Broca...
Intel Active Management Technology MEBx Access Control Bypass - US
Lenovo Security Advisory: LEN-19568 Potential Impact: Remote access and control Severity: Critical Scope of Impact: Industry-wide Summary Description: Intel has issued an advisory for Intel vPro Active Management Technology AMT to all system manufacturers. The Intel AMT default configuration has...
Broadcom WiFi Buffer Overflow Vulnerability - US
Lenovo Security Advisory: LEN-17237 Potential Impact: Arbitrary code execution Severity: Critical Scope of Impact: Industry-wide CVE Identifier: CVE-2017-11120, CVE-2017-11121 Summary Description: Broadcom has issued an advisory for certain Broadcom WiFi controllers used by many computer and devi...
Intel Online Connect NDIS Filter Driver Parameter Corruption - US
Lenovo Security Advisory: LEN-21769 Potential Impact: Denial of service Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3634 Summary Description: Intel has issued an advisory for Intel Online Connect Access to all system manufacturers. The related Intel NDIS filter driver...
Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 only (not 10) Insecure Credential Storage - US
Lenovo Security Advisory: LEN-15999 Potential Impact: Local Privilege Escalation Severity: High Scope of Impact: Lenovo Specific CVE Identifier: CVE-2017-3762 Summary Description: A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint...
RSA Keys Generated by Infineon TPMs are Insecure - US
Lenovo Security Advisory: LEN-15552 Potential Impact: RSA keys generated by the Infineon TPM using certain firmware levels are insecure Severity: Varies; None to High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-15361 Summary Description: A vulnerability was identified in the RSA key...
Intel CSME / SPS and TXE Vulnerabilities - US
Lenovo Security Advisory: LEN-22810 Potential Impact: Elevation of privilege, information disclosure, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3655, CVE-2018-3657, CVE-2018-3658, CVE-2018-3659, CVE-2018-3616 Summary Description: Intel has disclosed...
Synaptics Keyboard & Touchpad Driver Running Arbitrary Code - US
Lenovo Security Advisory: LEN-19151 Potential Impact: Execution diversion – launching arbitrary code within the user’s context Severity: Low Scope of Impact: Industry-wide CVE Identifier: TBD, Summary Description: An attacker who has already obtained access to a user’s account could attach an...
BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - US
Lenovo Security Advisory: LEN-20527 Potential Impact: Elevation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-9062, CVE-2018-12169 Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it, may attach a...
BIOS SMI Handler Input Validation Failures - US
Lenovo Security Advisory: LEN-14695 Potential Impact: Execution of code in System Management Mode by an attacker with local administrative access Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-3753 Summary Description: A vulnerability has been identified in some Lenovo...
Whole Disk Encryption with Intel Optane Memory Modules - US
Lenovo Security Advisory: LEN-22881 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3619 Summary Description: Intel has identified an issue where configuring an Optane memory module before enabling BitLocker whole disk encryption...
Intel SGX Update and Attestation Key Recovery - US
Lenovo Security Advisory: LEN-15184 Potential Impact: Elevation of Privilege / Information Disclosure Severity: High Scope of Impact: Industry Wide CVE Identifier: CVE-2017-5691 Summary Description: Intel has discovered a vulnerability that could impact the security of Intel® Software Guard...
Intel Q1’18 AMT 9.x/10.x/11.x Cumulative Update - US
Lenovo Security Advisory: LEN-21031 Potential Impact: Elevation of Privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3628, CVE-2018-3629, CVE-2018-3632 Summary Description: Intel performed a security review of their Intel® Management Engine ME firmware, and identifi...
Synaptics Keyboard Driver Unprotected Debug Mode - us
Synaptics Keyboard Driver Unprotected Debug Mode Lenovo Security Advisory: LEN-18507 Potential Impact: Loss of confidentiality local to system Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2017-17556 Summary Description: A researcher discovered a vulnerability in Synaptics...
TPM 2.0 Sleep-Wake Error in BIOS Firmware - US
Lenovo Security Advisory: LEN-20494 Potential Impact: Local security-bypass Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-6622 Summary Description: Lenovo was notified of a potential security bypass vulnerability in BIOS firmware for managing the TPM 2.0 device. If an...
IMM2 Web Service Stack Overflow - NL
Lenovo Security Advisory: LEN-19586 Potential Impact: Stack overflow leading to memory corruption Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2017-3774 Summary Description: A stack overflow vulnerability was discovered within the web administration service in the...
Iomega and LenovoEMC NAS Web UI Vulnerabilities - US
Lenovo Security Advisory: LEN-24224 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo specific CVE Indentifier: CVE-2018-9074, CVE-2018-9075, CVE-2018-9076, CVE-2018-9077, CVE-2018-9078, CVE-2018-9079, CVE-2018-9080, CVE-2018-9081, CVE-2018-9082 Summary Description:...
Lenovo Help Mobile App Transmits Information Over HTTP - US
Lenovo Security Advisory: LEN-20475 Potential Impact: Exposure of user-identifiable information Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2017-3776 Summary Description: The Lenovo Help Android app assists users with support for Lenovo devices. This requires transmitting...
OpenSLP Heap Memory Corruption - US
Lenovo Security Advisory: LEN-18247 Potential Impact: Denial of service, other undefined behavior Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-17833 Summary Description: OpenSLP versions used in several Lenovo products are vulnerable to heap memory corruption, potentiall...
XClarity Administrator (LXCA) API Vulnerabilities - US
Lenovo Security Advisory: LEN-22168 Potential Impact: Privilege escalation Severity: Critical Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9064, CVE-2018-9065, CVE-2018-9066 Summary Description: A Lenovo internal product security audit has led to the discovery of access control...
Power Management Controller (PMC) Security Vulnerability in Systems using specific Intel® CMSE or SPS firmware versions - US
Lenovo Security Advisory: LEN-22678 Potential Impact: Elevation of Privilege; Information Disclosure Severity: High Scope of Impact: Industry-wide - Systems using specific Intel® Converged Security and Management Engine CSME or Intel® Server Platform Services SPS firmware versions CVE Identifier:...
Buffer Overflow in Lenovo System Update Drive Mapping Utility - US
Lenovo Security Advisory: LEN-19625 Potential Impact: Buffer overflow resulting in undefined behaviors, such as execution of arbitrary code Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9063 Summary Description: MapDrv C:\Program Files\Lenovo\System Update\mapdrv.exe...
Intel® Management Engine 11.x issue - US
Lenovo Security Advisory: LEN-21032 Potential Impact: Elevation of Privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3627 Summary Description: Intel performed a security review of their Intel® Management Engine ME 11.x firmware, and identified a security vulnerabili...
Insecure Handling of BIOS and AMT Passwords in Intel Platform Sample Firmware - US
Lenovo Security Advisory: LEN-23848 Potential Impact: Information disclosure Severity: High Scope of Impact: Industry wide CVE Identifier: CVE-2017-5704 Summary Description: Platform sample firmware supplied by Intel for multiple processor familes, and incorporated by Lenovo into multiple product...
BIOS Write Protection Race Condition - US
Lenovo Security Advisory: LEN-20184 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9069 Summary Description: In several consumer notebook models, a race condition in BIOS flash device locking mechanism is not adequately protected...
Integrated Management Module 2 (IMM2) First Failure Data Capture (FFDC) Information Disclosure - US
Lenovo Security Advisory: LEN-20227 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9068 Summary Description: The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware...
Securely Configuring LenovoEMC NAS Devices - US
Lenovo Security Advisory: LEN-11575 Potential Impact: Access to stored data if security settings have not been configured Scope of Impact: Lenovo-specific Summary Description: In light of recent work by a security researcher, Lenovo would like to remind owners of older LenovoEMC consumer Network...
Lenovo Smart Assistant Factory Test Mode - US
Lenovo Security Advisory: LEN-22172 Potential Impact: Root access of the device Severity: Medium Scope of Impact: Lenovo Smart Assistant CVE Identifier: CVE-2018-9070 Summary Description: Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo. An attacker with physica...
Lenovo Help Android App Access Control - US
Lenovo Security Advisory: LEN-21561 Potential Impact: Exposure and modification of private app data Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9067 Summary Description: The Lenovo Help Android app had insufficient access control for some functions which, if...
Lenovo Replacing Distrusted GeoTrust Certificates With New DigiCert Certificates - US
Lenovo Security Advisory: LEN-24497 Scope of Impact: Industry-wide. Anyone using a GeoTrust certificate will need to update to DigiCert. Major browsers will stop trusting GeoTrust certificates as early as October. Summary Description: Many Lenovo sites use PKI certificates issued by the GeoTrust...
Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - US
Lenovo Security Advisory: LEN-26696 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling MSBDS CVE-2018-12127 - Microarchitectural Load Port Data Sampling MLPDS CVE-2018-12130 -...
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
Lenovo Security Advisory: LEN-24443 Potential Impact: Elevation of Privilege, Denial of Service, Information Disclosure Severity: High Scope of Impact: Systems with specific versions of Intel® PROSet/Wireless WiFi Software CVE Identifier: CVE-2006-7250, CVE-2007-3108, CVE-2007-4995, CVE-2007-5135...
System Management Module Vulnerabilities - US
Lenovo Security Advisory: LEN-24374 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9083, CVE-2018-9084, CVE-2018-16089, CVE-2018-16090, CVE-2018-16091, CVE-2018-16092, CVE-2018-16094, CVE-2018-16095, CVE-2018-16096 Summary...
Intel PROSet/Wireless WiFi Software Vulnerability - US
Lenovo Security Advisory: LEN-27701 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3701, CVE-2019-0136 Summary Description: CVE-2018-3701: A potential security vulnerability in Intel PROSet/Wireless WiFi Software may allow escalatio...
Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation - us
Lenovo Security Advisory: LEN-14963 Potential Impact: Remote or local exploitation of manageability features leading to unprivileged system access Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2017-5689 Summary Description: Intel manageability SKUs AMT, ISM, and SBT have a...