Venom - Lenovo Support US

No description provided...

USB Enhanced Performance Keyboard - Lenovo Support US

No description provided...

Information about LenovoEMC devices may be disclosed if the device has an Internet-accessible management interface - Lenovo Support US

No description provided...

Inherent Risks of Using the Intelligent Platform Management Interface (IPMI) on the Lenovo System x Integrated Management Module (IMM), Integrated Management Module II (IMM2) and ThinkServer TSM - Lenovo Support US

No description provided...

Certain BIOS versions may include an AMI Test Key that could compromise Secure Boot protections - lu

Lenovo Security Advisory: LEN-7806 Potential Impact: Secure boot may be compromised by an attacker with local access Severity: High Scope of Impact: Lenovo-specific Summary Description: Secure Boot is a security standard to help make sure that your PC boots using only trusted software. When the P...

Inherent Risks of Using the Intelligent Platform Management Interface (IPMI) on the Lenovo System x Integrated Management Module (IMM), Integrated Management Module II (IMM2) and ThinkServer TSM - us

Lenovo Security Advisory: LEN-10617 Potential Impact: Access to systems through IPMI if default settings are not changed Severity: High Scope of Impact: Industry-Wide CVE Identifiers: CVE-2013-4037, CVE-2013-4031 Summary Description: Various risks with the industry-standard Intelligent Platform...

Samba Remote Code Execution Vulnerability

Lenovo Security Advisory: LEN-2015-016 Potential Impact: Execution of arbitrary code Severity: High Summary: Samba is an open-source implementation of the Server Message Block SMB or Common Internet File System CIFS protocol, which allows PC-compatible machines to share files, printers, and other...

LEN-7814 Lenovo Solution Center Arbitrary Process Termination or Code Execution by Unprivileged Local Users - Lenovo Support MY

No description provided...

LEN-7814 Lenovo Solution Center Arbitrary Process Termination or Code Execution by Unprivileged Local Users - my

Lenovo Security Advisory: LEN-7814 Potential Impact: Arbitrary process termination or code execution by unprivileged local users Severity: High Scope of Impact: Lenovo specific Summary Description: Local privilege escalation vulnerabilities were identified in Lenovo Solution Center where...

Privilege Escalation Vulnerability in Lenovo Transition Application - us

Lenovo Security Advisory: LEN-12508 Potential Impact: Local privilege escalation Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2016-8227 Summary Description: A vulnerability was identified in the Lenovo Transition program specific to some Lenovo Yoga, Flex and Miix systems...

Privilege Escalation Vulnerability in Lenovo Transition Application - Lenovo Support US

No description provided...

AMI BIOS SMM Code Execution Vulnerability

Lenovo Security Advisory: LEN-4710 Potential Impact: Execution of code in SMM by an attacker with administrative access Severity: Medium Scope of impact: Industry-wide Summary Description: System Management Mode SMM is the most privileged execution mode of the x86 processor. Software System...

AMI BIOS SMM Code Execution Vulnerability - Lenovo Support US

No description provided...

Maliciously crafted packet sent during PXE boot can cause system hang - bo

Lenovo Security Advisory: LEN-7908 Potential Impact: System hang during PXE boot recoverable on reboot Severity: Medium Scope of Impact: Industry-Wide Summary Description: An industry-wide BIOS vulnerability was identified by the UEFI Security Response team that has been addressed in the latest...

Maliciously crafted packet sent during PXE boot can cause system hang - Lenovo Support BO

No description provided...

Lenovo Edge USB Keyboard Driver Local Privilege Escalation - us

Lenovo Security Advisory: LEN-11588 Potential Impact: Escalation of privileges by a local user Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2016-8225 Summary Description: A vulnerability was identified in the Lenovo Edge USB Keyboard driver for Windows 7, 8 and 10 where a...

Denial of service attack on Lenovo System X M5, M6, and X6 systems - Lenovo Support US

No description provided...

Microsoft Windows 10 Virtualization-Based Security Bypass - Lenovo Support US

No description provided...

Lenovo Edge USB Keyboard Driver Local Privilege Escalation - Lenovo Support US

No description provided...

Denial of service attack on Lenovo System X M5, M6, and X6 systems - us

Lenovo Security Advisory: LEN-11306 Potential Impact: Denial of service Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2016-8226 Summary Description: A vulnerability was identified in the BIOS of Lenovo System X M5, M6, and X6 systems. An attacker with administrative access...

Microsoft Windows 10 Virtualization-Based Security Bypass - us

Lenovo Security Advisory: LEN-8584 Potential Impact: Microsoft Virtualization-based security bypass by an attacker with administrative privileges Severity: Medium Scope of Impact: Industry-Wide Summary Description: A vulnerability affecting the virtualization-based security in Microsoft Windows 1...

Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems - us

Lenovo Security Advisory: LEN-9903 Potential Impact: Denial of service or privilege escalation by an attacker with administrative access Severity: Medium Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-8224 Summary Description: A vulnerability has been identified in some Lenovo Notebook a...

System Management Mode (SMM) BIOS Vulnerability - Lenovo Support US

No description provided...

Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems - Lenovo Support US

No description provided...

System Management Mode (SMM) BIOS Vulnerability - us

Lenovo Security Advisory: LEN-8324 Potential Impact: Execution of code in SMM by an attacker with local administrative access Severity: High Scope of Impact: Industry-wide Update as of 7/28/2016: Refer to "Revision History" for all new updates. Update as of 7/19/2016: Updated the "Product Impact"...

Microsoft Device Guard protection bypass - us

Lenovo Security Advisory: LEN-8327 Potential Impact: Denial of service Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2016-8222 Summary Description: A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacke...

Microsoft Device Guard protection bypass - Lenovo Support US

No description provided...

Lenovo System Interface Foundation Privilege Escalation - Lenovo Support US

No description provided...

Lenovo System Interface Foundation Privilege Escalation - us

Lenovo Security Advisory: LEN-10150 Potential Impact: Local privilege escalation Severity: High Scope of Impact: Lenovo specific CVE Identifier: CVE-2016-8223 Summary Description: During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System...

NVIDIA GPU Kernel Driver Escape - Lenovo Support US

No description provided...

GNU Bourne-Again Shell (Bash) 'Shellshock' - Lenovo Support US

No description provided...

GNU Bourne-Again Shell (Bash) 'Shellshock'

Lenovo Security Advisory: LEN-2014-003 Potential Impact: Execution of arbitrary code Severity: High Summary: GNU Bash is the common command-line shell used in many Linux/UNIX systems. The vulnerability is also referred to as “Shellshock. ” Exploitation of this vulnerability may allow a remote...

NVIDIA GPU Kernel Driver Escape

Lenovo Security Advisory: LEN-5551 Potential Impact: Privilege escalation, potential information disclosure, crashes or denial of service Severity: High Scope of Impact: Industry-Wide Summary Description: On March 21, 2016, NVIDIA announced three high-severity driver vulnerabilities. These driver...

Data on Toshiba Solid State Drives may be recoverable after running the BIOS Secure Erase Function or the ThinkPad Drive Erase Utility - us

Lenovo Security Advisory: LEN-9458 Potential Impact: Drive data may be able to be recovered after running the secure erase utility Severity: Medium Scope of Impact: Lenovo-specific Summary Description: Toshiba’s firmware used to erase the data on the following SSDs did not meet Lenovo’s...

Data on Toshiba Solid State Drives may be recoverable after running the BIOS Secure Erase Function or the ThinkPad Drive Erase Utility - Lenovo Support US

No description provided...

Local Privilege Escalation or Denial of Service via the Intel® Graphics Driver - Lenovo Support US

No description provided...

Intel releases fix for sleep mode configuration bypass

Lenovo Security Advisory: LEN-2015-049, LEN-2015-050, LEN-2015-051 Potential Impact: Elevation of Privilege Severity: High Summary: Intel has released an update that has been incorporated into the latest Lenovo BIOS to fix vulnerabilities dealing with systems going into sleep mode. Description:...

BIOS EFI Driver SMM Code Execution Vulnerability - my

Lenovo Security Advisory: LEN-4901 Potential Impact: Execution of code in SMM by an attacker with local administrative access Severity: Medium Scope of Impact: Lenovo specific Summary Description: System Management Mode SMM is the most privileged execution mode of the x86 processor. A vulnerabili...

Intel releases fix for sleep mode configuration bypass - Lenovo Support US

No description provided...

Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH) - Lenovo Support US

No description provided...

BIOS EFI Driver SMM Code Execution Vulnerability - Lenovo Support MY

No description provided...

Memory corruption due to an unsanitized pointer in the NVIDIA display driver - Lenovo Support US

No description provided...

Memory corruption due to an unsanitized pointer in the NVIDIA display driver

Lenovo Security Advisory: LEN-3313 Potential Impact: Escalation of privileges Severity: Medium Summary: A vulnerability has been found in the NVIDIA driver that could be used to allow a local, non-privileged user to corrupt kernel memory. This could be used to gain local root privileges...

Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH)

Lenovo Security Advisory: LEN-4603 Potential Impact: An attacker with man-in-the-middle capabilities could decrypt encrypted traffic or impersonate a legitimate client or server Severity: Medium Scope of Impact: Industry-Wide Summary Description: A flaw was found in the way the TLS 1.2 protocol...

Accessing data on Self-Encrypting drives while a system is in sleep state

Lenovo Security Advisory: LEN-2910 Potential Impact: Physical access of encrypted data Severity: Informational Summary: At the BlackHat Europe 2015 conference, KPMG disclosed an industry-wide vulnerability affecting hard disk drives that employ hardware-based Full Disk Encryption FDE. These drive...

Lenovo 500 Wireless Keyboard or Mouse Keystroke Injection

Lenovo Security Advisory: LEN-4292 Potential Impact: Potential unwanted data input Severity: Low Summary: An unauthorized attacker may be able to enter keyboard inputs through the Lenovo 500 Wireless keyboard or mouse dongle. Description: A vulnerability was identified where an attacker with...

Lenovo XClarity Administrator (LXCA) Local Privilege Escalation - lu

Lenovo Security Advisory: LEN-7145 Potential Impact: Local privilege escalation Severity:High Scope of Impact: Lenovo Summary Description: During internal testing, Lenovo identified a local privilege escalation vulnerability in certain versions of LXCA that could allow a local user with...

Lenovo Mouse Suite Escalation of Privileges

Lenovo Security Advisory: LEN-2015-066 Potential Impact: Escalation of Privileges Severity: High Summary: A user with local privileges may be able to run files as an administrator in Lenovo Mouse Suite included with ThinkPad Precision Wireless Mouse –part number 0B47161. Description: The Lenovo...

Lenovo XClarity Administrator (LXCA) Local Privilege Escalation - Lenovo Support NL

No description provided...

Lenovo Mouse Suite Escalation of Privileges - Lenovo Support US

No description provided...