1169 matches found
Lenovo 500 Wireless Keyboard or Mouse Keystroke Injection - Lenovo Support US
No description provided...
Accessing data on Self-Encrypting drives while a system is in sleep state - Lenovo Support US
No description provided...
Lenovo Service Engine (LSE) BIOS for Desktop
Lenovo Security Advisory: LEN-2015-077 Potential Impact: Limited use of system resources Severity: Low Summary: Lenovo has released a utility to remove files configured by Lenovo Service Engine LSE on desktop systems running Windows 8 and 8.1 to follow updated security guidelines from Microsoft...
Dolby Audio X2 (DAX2) privilege escalation
A vulnerability has been identified with the file permissions for the Dolby DAX2 application programming interface API that could allow a local user to run files with system level privileges. Mitigation Strategy for Customers what you should do to protect yourself: Lenovo is currently working wit...
Dolby Audio X2 (DAX2) privilege escalation - Lenovo Support US
No description provided...
Lenovo Ultraslim Wireless Keyboard Keystroke Injection - lu
Lenovo Security Advisory: LEN-7267 Potential Impact: Potential unwanted data input Severity: Medium Scope of Impact: Industry-Wide Summary Description: A vulnerability was identified where an attacker with specialized equipment who is within close physical proximity to a system with the dongle fo...
Lenovo Ultraslim Wireless Keyboard Keystroke Injection - Lenovo Support NL
No description provided...
Data on SanDisk Solid State Drives may be recoverable after running the BIOS Secure Erase Function or the ThinkPad Drive Erase Utility - Lenovo Support US
No description provided...
Data on SanDisk Solid State Drives may be recoverable after running the BIOS Secure Erase Function or the ThinkPad Drive Erase Utility
Lenovo Security Advisory: LEN-5595 Potential Impact: Drive data may be able to be recovered after running the secure erase utility Severity:Medium Scope of Impact: Lenovo Summary Description: SanDisk’s firmware used to erase the data on these SSDs did not meet Lenovo’s specifications and it was...
SuperFish Vulnerability
Lenovo Security Advisory: LEN-2015-010 Potential Impact: Man-in-the-Middle Attack Severity: High Summary: This advisory only applies to Lenovo Notebook products. ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products are not impacted. SuperFish was previously...
SuperFish Vulnerability - Lenovo Support US
No description provided...
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow ("GHOST")
Lenovo Security Advisory: LEN-2015-007 Potential Impact: Execution of Arbitrary Code Severity: High Summary: A vulnerability has been found in the GNU C Library glibc nsshostnamedigitsdots function that allows both local and remote users to cause a buffer overflow in network function calls...
Potential vulnerability in Intel® SSD Data Center Family for SATA - lu
Lenovo Security Advisory: LEN-6022 Potential Impact: Denial of service Severity:High Scope of Impact: Industry-Wide Summary Description: Intel Solid State Drives SSDs are used in some Lenovo System X servers. The Intel SSD Data Center Family for SATA product series was designed to the ATA-ACS...
Intel BIOS locking mechanism contains race condition that enables write protection bypass - Lenovo Support US
No description provided...
Unauthorized Modification of UEFI Variables in UEFI Systems
Lenovo Security Advisory: LEN-2014-002 Potential Impact: Modifications of UEFI variables Severity: Medium Summary: Certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead t...
Row Hammer Privilege Escalation
Lenovo Security Advisory: LEN-2015-009 Potential Impact: Escalation of Privilege Severity: Medium Summary: The Passgate issue aka “Row Hammer” is an inherent design/process limitation in memory for sub 40nm technology such as DDR3/DDR3L/LPDDR2/LPDDR3/GDDR5 that can cause errors in rows of memory...
S3 Boot Script Protection
Lenovo Security Advisory: LEN-2014-006 Potential Impact: Elevation of Privilege Severity: Medium Summary: Certain firmware implementations may not correctly protect memory that stores the BIOS S3 Boot Script when a system is suspended. Exploitation of such vulnerabilities could potentially lead t...
Overflow in UEFI Variable Reclaim Function
Lenovo Security Advisory: LEN-2014-009 Potential Impact: Elevation of Privilege or Denial of Service Severity: Medium Summary: The EDK1 UEFI reference implementation contains a buffer overflow vulnerability. Description: Taken from US-CERT advisory The open source EDK1 project provides a referenc...
Lenovo Accelerator Application Insecure Update Mechanism
Lenovo Security Advisory: LEN-6718 Potential Impact: Remote code execution by an attacker with local network access Severity: High Scope of Impact: Lenovo products described below Summary Description: A vulnerability was identified in the Lenovo Accelerator Application software which could lead t...
Intel BIOS locking mechanism contains race condition that enables write protection bypass
Lenovo Security Advisory: LEN-2015-001 Potential Impact: Denial of Service, Elevation of Privilege Severity: Medium Summary: A race condition exists in computers using Intel chipsets that rely solely on two particular BIOS write locking mechanisms. Successful exploitation of this race condition m...
SMM "Incursion" Attack
Lenovo Security Advisory: LEN-2015-002 Potential Impact: Execute arbitrary code, Bypass Secure Boot, Denial of Service, Escalation of Privilege Severity: Medium Summary: Some BIOS implementations permit unsafe System Management Mode SMM function calls to memory locations outside of System...
Lenovo Accelerator Application Insecure Update Mechanism - Lenovo Support US
No description provided...
SMM
No description provided...
Unauthorized Modification of UEFI Variables in UEFI Systems - Lenovo Support US
No description provided...
Potential vulnerability in Intel® SSD Data Center Family for SATA - Lenovo Support NL
No description provided...
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow (
No description provided...
S3 Boot Script Protection - Lenovo Support US
No description provided...
UEFI EDK2 Capsule Update Vulnerabilities - Lenovo Support US
No description provided...
Overflow in UEFI Variable Reclaim Function - Lenovo Support US
No description provided...
POODLE: SSLv3 Vulnerability - Lenovo Support US
No description provided...
Row Hammer Privilege Escalation - Lenovo Support US
No description provided...
POODLE: SSLv3 Vulnerability
Lenovo Security Advisory: LEN-2014-007 Potential Impact: Unauthorized Access; Man-in-the-Middle MitM Attack Severity: Medium Summary: A security vulnerability known as POODLE was publicly announced that affects a relatively low number of Internet connected devices. However, this vulnerability is...
UEFI EDK2 Capsule Update Vulnerabilities
Lenovo Security Advisory: LEN-2014-001 Potential Impact: Execution of arbitrary code Severity: Medium Summary: The EDK2 UEFI reference implementation contains multiple vulnerabilities in the Capsule Update mechanism. Description: The open source EDK2 project provides a reference implementation of...
Attackers with physical access to Lenovo RackSwitches may be able to upload unsigned firmware
Lenovo Security Advisory: LEN-7805 Potential Impact: Attackers with physical access may be able to upload unsigned firmware Severity: Medium Scope of Impact: Lenovo Summary Description: During internal testing, Lenovo identified a vulnerability in some Lenovo RackSwitch Ethernet switches where an...
Attackers with physical access to Lenovo RackSwitches may be able to upload unsigned firmware - Lenovo Support US
No description provided...
NVIDIA Windows Privilege Delegation Escalation - Lenovo Support US
No description provided...
NVIDIA Windows Privilege Delegation Escalation
Lenovo Security Advisory: LEN-2015-008 Potential Impact: Escalation of Privilege Severity: Medium Summary: The NVIDIA Display Driver’s kernel administrator check improperly validates local client impersonation levels in some cases. Description: This vulnerability can only be exploited by a user...
LEN-5519: Lenovo System Update Privilege Escalation
Lenovo Security Advisory: LEN-5519 Potential Impact: Local Privilege Escalation Severity: High Scope of Impact: Lenovo Summary Description: During internal testing, Lenovo identified a local privilege escalation vulnerability in Lenovo System Update previously known as ThinkVantage System Update...
TPM "nvLocked" Permanent Flag may not be set
Customers can use the tool provided here that will determine if the “nvLocked” TPM permanent flag is set on their system, and will automatically set the flag if it has not been set already. The program will also show the user if the user non-volatile storage area is being used in their system or...
SMRAM data may be viewed on ThinkPad systems
Lenovo Security Advisory: LEN-3837 Potential Impact: Leakage of SMRAM data Severity: Low Summary: An attacker may be able to view but not modify the contents of System Management RAM SMRAM data on certain Lenovo ThinkPad systems. Description: SMRAM is a part of system memory used by the processor...
SMRAM data may be viewed on ThinkPad systems - Lenovo Support US
No description provided...
TPM
No description provided...
LEN-5519: Lenovo System Update Privilege Escalation - Lenovo Support US
No description provided...
Privilege Escalation Vulnerabilities within Lenovo Solution Center - Lenovo Support US
No description provided...
Fingerprint Validity Driver and Synaptics Fingerprint Driver Information Disclosure
Lenovo Security Advisory: LEN-4281 Potential Impact: Disclosure of biometric data Severity: Low Summary Description: A vulnerability has been identified in two drivers associated with biometric fingerprint scanners used on some Lenovo systems that could allow an attacker with local administrative...
Lenovo Fingerprint Manager
Lenovo Security Advisory: LEN-2015-017 Potential Impact: Privilege Escalation Severity: Medium Summary: Lenovo Fingerprint Manger has a local privilege escalation vulnerability. This vulnerability cannot be remotely exploited. A local user logged in to the PC could escalate their privileges by...
ThinkCentre Hard Disk Password Bypass
Potential Impact: Severity Summary Description: Mitigation Strategy for Customers what you should do to protect yourself: Update to the latest BIOS for the affected ThinkCentre by following the instructions in the readme file from the links below. Users can also update their BIOS through Lenovo...
Lenovo Fingerprint Manager and Lenovo Touch Fingerprint Software Privilege Escalation
Mitigation Strategy for Customers what you should do to protect yourself: There are several ways you can protect yourself. Lenovo recommends that you take one of the following steps: • Starting from March 18, 2016, run Lenovo System Update and install the recommended Fingerprint Manager or Lenovo...
Privilege Escalation Vulnerabilities within Lenovo Solution Center
...
Privilege Escalation and Denial of Service Vulnerabilities in System X IMM2
...