First published: Tue Nov 27 2018(Updated: )
In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo System Management Module Firmware | <1.06 | |
Lenovo Thinkagile Hx Enclosure 7x81 | ||
Lenovo Thinkagile Hx Enclosure 7y87 | ||
Lenovo Thinkagile Hx Enclosure 7z02 | ||
Lenovo Thinkagile Vx Enclosure 7y11 | ||
Lenovo Thinkagile Vx Enclosure 7y91 | ||
Lenovo Thinksystem D2 Enclosure 7x20 | ||
Lenovo Thinksystem Modular Enclosure 7x22 |
Update SMM firmware
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.