CVE-2017-3754
First published: Mon Jul 17 2017(Updated: )
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo BIOS EFI Driver | ||
| Lenovo 710s-13ikb | ||
| Lenovo 710s-13isk / Xiaoxin Air 13 | ||
| Lenovo K21-80 | ||
| Lenovo K22-80 / Lenovo V720-12 | ||
| Lenovo K41-80 | ||
| Lenovo Ideapad 110-14AST | ||
| Lenovo Ideapad 110-15ast | ||
| Lenovo Ideapad 320-14AST | ||
| Lenovo Ideapad 320-15AST | ||
| Lenovo Xiaoxin Rui7000 | ||
| Lenovo Miix 710 12IKB BIOS | ||
| Lenovo Miix 720-12IKB Firmware | ||
| Lenovo Notebook 320-17AST | ||
| Lenovo Rescuer E520-15IKB | ||
| Lenovo V110-14iap | ||
| Lenovo V110-15iap | ||
| Lenovo V110-15IKB | ||
| Lenovo V110-15ast | ||
| Lenovo Notebook Yoga 710 11IKB BIOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-3754?
CVE-2017-3754 is considered a high severity vulnerability due to the potential for unauthorized BIOS flashing.
How do I fix CVE-2017-3754?
To fix CVE-2017-3754, ensure that BIOS write protection settings are properly configured in the system BIOS.
Who is affected by CVE-2017-3754?
CVE-2017-3754 affects certain Lenovo brand notebook systems that lack proper BIOS write protections.
Can CVE-2017-3754 be exploited remotely?
No, CVE-2017-3754 requires physical or administrative access to the vulnerable system to be exploited.
What are the risks associated with CVE-2017-3754?
The risks associated with CVE-2017-3754 include the possibility of an attacker running malicious code directly from a compromised BIOS.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo bios efi driver
- canonical/lenovo 710s-13ikb
- canonical/lenovo 710s-13isk / xiaoxin air 13
- canonical/lenovo k21-80
- canonical/lenovo k22-80 / lenovo v720-12
- canonical/lenovo k41-80
- canonical/lenovo ideapad 110-14ast
- canonical/lenovo ideapad 110-15ast
- canonical/lenovo ideapad 320-14ast
- canonical/lenovo ideapad 320-15ast
- canonical/lenovo xiaoxin rui7000
- canonical/lenovo miix 710 12ikb bios
- canonical/lenovo miix 720-12ikb firmware
- canonical/lenovo notebook 320-17ast
- canonical/lenovo rescuer e520-15ikb
- canonical/lenovo v110-14iap
- canonical/lenovo v110-15iap
- canonical/lenovo v110-15ikb
- canonical/lenovo v110-15ast
- canonical/lenovo notebook yoga 710 11ikb bios