critical
10
CWE
120 119
Advisory Published
Updated

CVE-2015-5684: Buffer Overflow

First published: Fri Mar 27 2020(Updated: )

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Lenovo B50-10 Firmware<cccn13ww\(v1.02\)
Lenovo B50-10 Firmware
Lenovo Flex 2 Pro-15 Firmware<a9cn46ww
Formidable Pro2pdf
Lenovo Edge 15<a9cn46ww
Lenovo Edge 15 Firmware
Lenovo Edge 15<b9cn17ww
Lenovo Flex 2 Pro-15 Firmware<b9cn17ww
Lenovo Flex 3-1470<bdcn30ww
Lenovo Flex 3-1470 Firmware
Lenovo Flex 3-1570<bdcn30ww
Lenovo Flex 3-1570 Firmware
Lenovo Flex 3-1120<c0cn25ww
Lenovo Flex 3-1120 Firmware
Lenovo G40-80<b0cn75ww
Lenovo G40-80
Lenovo G50-80M Firmware<b0cn75ww
Lenovo G50-80 Firmware
Lenovo G50-80 Touch V3000<b0cn75ww
Lenovo G50-80 Touch Firmware
Lenovo G50-80 Touch V3000<b0cn75ww
Lenovo Notebook G50-80 Touch BIOS
Lenovo G40-80M Firmware<cbcn75ww
Lenovo G40-80
Lenovo G50-80M Firmware<cbcn75ww
Lenovo G50-80M Firmware
Lenovo Ideapad 100-14iby<v1.02_\(cccn13ww\)
Lenovo Ideapad 100-14iby
Lenovo Ideapad 100-15IBY Firmware<v1.02_\(cccn13ww\)
Lenovo ideapad 100-15iby firmware
Lenovo S21e Firmware<c4cn14ww\(v1.04\)
Lenovo S21e Firmware
Lenovo S41-70 firmware<bdcn30ww
Lenovo S41-70 firmware
Lenovo U41-70<bdcn30ww
Lenovo U41-70
Lenovo s435 firmware<bbcn15ww\(v1.06\)
Lenovo s435 firmware
Lenovo M40-35 Firmware<bbcn15ww\(v1.06\)
Lenovo M40-35 Firmware
Lenovo U31-70<afcn30ww\(v2.02\)
Lenovo U31-70
Lenovo Yoga 3 14 Firmware<bacn33ww
Lenovo Yoga 3 14 Firmware
Lenovo Yoga 3 11<b8cn30ww\(v2.08\)
Lenovo Yoga 3 11 Firmware
Lenovo Y40-80 Firmware<b5cn36ww\(v2.02\)
Lenovo Y40-80 Firmware
Lenovo Z41-70<c2cn18ww\(v1.04\)
Lenovo Z41-70
Lenovo Z51-70<c2cn18ww\(v1.04\)
Lenovo Z51-70
Lenovo Z70-80<abcn75ww
Lenovo Z70-80 firmware
Lenovo G70-80<abcn75ww
Lenovo G70-80

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2015-5684?

    CVE-2015-5684 has been classified as a medium severity vulnerability due to its potential to allow remote code execution.

  • How do I fix CVE-2015-5684?

    To fix CVE-2015-5684, update the affected Lenovo BIOS to the latest version provided by Lenovo.

  • Which Lenovo devices are affected by CVE-2015-5684?

    CVE-2015-5684 affects various Lenovo notebook models, primarily those with specific firmware versions.

  • Is CVE-2015-5684 still a threat if I update my BIOS?

    Once the BIOS is updated to a non-vulnerable version, CVE-2015-5684 should no longer pose a threat.

  • When was CVE-2015-5684 publicly disclosed?

    CVE-2015-5684 was publicly disclosed on October 2015 after being fixed by Lenovo.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203