AMI Firmware Permits Microcode Downgrade - Lenovo Support US

No description provided...

Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US

No description provided...

Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

Lenovo Security Advisory: LEN-24443 Potential Impact: Elevation of Privilege, Denial of Service, Information Disclosure Severity: High Scope of Impact: Systems with specific versions of Intel® PROSet/Wireless WiFi Software CVE Identifier: CVE-2006-7250, CVE-2007-3108, CVE-2007-4995, CVE-2007-5135...

Lenovo Smart Assistant Factory Test Mode - Lenovo Support US

No description provided...

Reading Privileged Memory with a Side Channel - Lenovo Support US

No description provided...

Reading Privileged Memory with a Side Channel - US

Lenovo Security Advisory: LEN-18282 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels. Severity: High Scope of Impact: Industry-wide CVE Identifier: “Spectre” CVE-2017-5753, CVE-2017-5715 “Meltdown”...

System Management Module Vulnerabilities - Lenovo Support US

No description provided...

System Management Module Vulnerabilities - US

Lenovo Security Advisory: LEN-24374 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9083, CVE-2018-9084, CVE-2018-16089, CVE-2018-16090, CVE-2018-16091, CVE-2018-16092, CVE-2018-16094, CVE-2018-16095, CVE-2018-16096 Summary...

Intel Software Guard Extensions (SGX) Vulnerabilities - Lenovo Support US

No description provided...

RSA Keys Generated by Infineon TPMs are Insecure - Lenovo Support US

No description provided...

Intel CSME / SPS and TXE Vulnerabilities - Lenovo Support US

No description provided...

Power Management Controller (PMC) Security Vulnerability in Systems using specific Intel® CSME or SPS firmware versions - Lenovo Support US

No description provided...

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - Lenovo Support US

No description provided...

Insecure Handling of BIOS and AMT Passwords in Intel Platform Sample Firmware - Lenovo Support US

No description provided...

Insecure Handling of BIOS and AMT Passwords in Intel Platform Sample Firmware - US

Lenovo Security Advisory: LEN-23848 Potential Impact: Information disclosure Severity: High Scope of Impact: Industry wide CVE Identifier: CVE-2017-5704 Summary Description: Platform sample firmware supplied by Intel for multiple processor familes, and incorporated by Lenovo into multiple product...

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - US

Lenovo Security Advisory: LEN-20527 Potential Impact: Elevation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-9062, CVE-2018-12169 Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it, may attach a...

Iomega and LenovoEMC NAS Web UI Vulnerabilities - US

Lenovo Security Advisory: LEN-24224 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo specific CVE Indentifier: CVE-2018-9074, CVE-2018-9075, CVE-2018-9076, CVE-2018-9077, CVE-2018-9078, CVE-2018-9079, CVE-2018-9080, CVE-2018-9081, CVE-2018-9082 Summary Description:...

Iomega and LenovoEMC NAS Web UI Vulnerabilities - Lenovo Support US

No description provided...

Intel CSME / SPS and TXE Vulnerabilities - US

Lenovo Security Advisory: LEN-22810 Potential Impact: Elevation of privilege, information disclosure, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3655, CVE-2018-3657, CVE-2018-3658, CVE-2018-3659, CVE-2018-3616 Summary Description: Intel has disclosed...

Power Management Controller (PMC) Security Vulnerability in Systems using specific Intel® CMSE or SPS firmware versions - US

Lenovo Security Advisory: LEN-22678 Potential Impact: Elevation of Privilege; Information Disclosure Severity: High Scope of Impact: Industry-wide - Systems using specific Intel® Converged Security and Management Engine CSME or Intel® Server Platform Services SPS firmware versions CVE Identifier:...

BIOS Write Protection Race Condition - US

Lenovo Security Advisory: LEN-20184 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9069 Summary Description: In several consumer notebook models, a race condition in BIOS flash device locking mechanism is not adequately protected...

BIOS Write Protection Race Condition - Lenovo Support US

No description provided...

TPM 2.0 Sleep-Wake Error in BIOS Firmware - US

Lenovo Security Advisory: LEN-20494 Potential Impact: Local security-bypass Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-6622 Summary Description: Lenovo was notified of a potential security bypass vulnerability in BIOS firmware for managing the TPM 2.0 device. If an...

Speculative Execution Side Channel Vulnerability Variants - Lenovo Support US

No description provided...

Speculative Execution Side Channel Variants 4 and 3a - US

Lenovo Security Advisory: LEN-22133 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory or registers, circumventing expected privilege levels Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3639, CVE-2018-3640 Summary...

Bluetooth Pairing Key Validation - Lenovo Support US

No description provided...

Lenovo Replacing Distrusted GeoTrust Certificates With New DigiCert Certificates - US

Lenovo Security Advisory: LEN-24497 Scope of Impact: Industry-wide. Anyone using a GeoTrust certificate will need to update to DigiCert. Major browsers will stop trusting GeoTrust certificates as early as October. Summary Description: Many Lenovo sites use PKI certificates issued by the GeoTrust...

Lenovo Replacing Distrusted GeoTrust Certificates With New DigiCert Certificates - Lenovo Support US

No description provided...

Bluetooth Pairing Key Validation - US

Lenovo Security Advisory: LEN-22233 Potential Impact: Information disclosure, elevation of privilege, denial of service Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-5383 Summary Description: The Bluetooth Special Interest Group SIG has reported a vulnerability in the...

Whole Disk Encryption with Intel Optane Memory Modules - Lenovo Support US

No description provided...

Whole Disk Encryption with Intel Optane Memory Modules - US

Lenovo Security Advisory: LEN-22881 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3619 Summary Description: Intel has identified an issue where configuring an Optane memory module before enabling BitLocker whole disk encryption...

Intel Software Guard Extensions (SGX) Vulnerabilities - US

Lenovo Security Advisory: LEN-21284 Potential Impact: Elevation of privilege, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-5736, CVE-2018-3626, CVE-2018-3639, CVE-2018-3640, CVE-2018-3691 Summary Description: Intel has issued several advisories...

L1 Terminal Fault Side Channel Vulnerabilities - US

Lenovo Security Advisory: LEN-24163 Potential Impact: Malicious code running locally may be able to observe contents of privileged memory, circumventing expected privilege levels Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 Summary...

L1 Terminal Fault Side Channel Vulnerabilities - Lenovo Support US

No description provided...

NVIDIA Graphics Driver Multiple Vulnerabilities (including fixes for Intel Speculative Side Channel Vulnerabilities) - Lenovo Support US

No description provided...

NVIDIA Graphics Driver Multiple Vulnerabilities (including fixes for Intel Speculative Side Channel Vulnerabilities) - US

Lenovo Security Advisory: LEN-16730 Potential Impact: Denial of service, possible escalation of privilege, exfiltration of privileged memory Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2017-5753, CVE-2017-6266, CVE-2017-6267, CVE-2017-6268, CVE-2017-6269, CVE-2017-6270,...

Securely Configuring LenovoEMC NAS Devices - US

Lenovo Security Advisory: LEN-11575 Potential Impact: Access to stored data if security settings have not been configured Scope of Impact: Lenovo-specific Summary Description: In light of recent work by a security researcher, Lenovo would like to remind owners of older LenovoEMC consumer Network...

NVIDIA Graphics Driver Multiple Vulnerabilities - US

Lenovo Security Advisory: LEN-20510 Potential Impact: Denial of service, possible escalation of privilege, code execution Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-6247, CVE-2018-6248, CVE-2018-6249, CVE-2018-6250, CVE-2018-6251, CVE-2018-6252, CVE-2018-6253 Summary...

NVIDIA Graphics Driver Multiple Vulnerabilities - Lenovo Support US

No description provided...

TPM 2.0 Sleep-Wake Error in BIOS Firmware - Lenovo Support US

No description provided...

XClarity Administrator (LXCA) API Vulnerabilities - US

Lenovo Security Advisory: LEN-22168 Potential Impact: Privilege escalation Severity: Critical Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9064, CVE-2018-9065, CVE-2018-9066 Summary Description: A Lenovo internal product security audit has led to the discovery of access control...

XClarity Administrator (LXCA) API Vulnerabilities - Lenovo Support US

No description provided...

Integrated Management Module 2 (IMM2) First Failure Data Capture (FFDC) Information Disclosure - US

Lenovo Security Advisory: LEN-20227 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9068 Summary Description: The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware...

Integrated Management Module 2 (IMM2) First Failure Data Capture (FFDC) Information Disclosure - Lenovo Support US

No description provided...

Intel ME 6.x/7.x/8.x/9.x/10.x./11.x, SPS 4.0, and TXE 3.0 Cumulative Security Update - Lenovo Support US

No description provided...

Intel ME 6.x/7.x/8.x/9.x/10.x./11.x, SPS 4.0, and TXE 3.0 Cumulative Security Update - US

Lenovo Security Advisory: LEN-17297 Potential Impact: An attacker could load and execute arbitrary code outside the visibility of the user, operating system, and hypervisor/virtualization platform; resulting in exfiltration of secrets, subtle manipulation of system operation, or denial of service...

Bluetooth “BlueBorne” Vulnerabilities - NL

Lenovo Security Advisory: LEN-17125 Potential Impact: Remote code execution Severity: High Scope of Impact: Industry wide CVE Identifier: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-8628, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251 Summary Description: A collection...

System firmware Can Be Erased or Corrupted After Boot - US

Lenovo Security Advisory: LEN-16445 Potential Impact: An attacker could manipulate the vulnerability to prevent a system from booting, to cause it to operate in an unusual way, or execute arbitrary code during the system boot sequence. Severity: High Scope of Impact: Industry-wide CVE Identifier:...

Intel Q1’18 AMT 9.x/10.x/11.x Cumulative Update - Lenovo Support US

No description provided...

Lenovo Smart Assistant Factory Test Mode - US

Lenovo Security Advisory: LEN-22172 Potential Impact: Root access of the device Severity: Medium Scope of Impact: Lenovo Smart Assistant CVE Identifier: CVE-2018-9070 Summary Description: Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo. An attacker with physica...