CVE-2018-9062: BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack
First published: Thu Jul 19 2018(Updated: )
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo e42-80 | <2wcn40ww | |
| Lenovo e42-80 firmware | ||
| Lenovo e42-80 firmware | <0zcn48ww | |
| Lenovo e42-80 | ||
| Lenovo e52-80 isk firmware | <2wcn40ww | |
| Lenovo e52-80 | ||
| Lenovo e52-80 | <0zcn48ww | |
| Lenovo e52-80 isk firmware | ||
| Lenovo Miix 720-12IKB | <3scn68ww | |
| Lenovo Miix 720-12IKB Firmware | ||
| Lenovo v310-14ikb firmware | <2wcn40ww | |
| Lenovo v310-14ikb firmware | ||
| Lenovo v310-14isk firmware | <0zcn48ww | |
| Lenovo v310-14ikb | ||
| Lenovo v310-15ikb | <2wcn40ww | |
| Lenovo v310-15ikb firmware | ||
| Lenovo v310-15isk | <0zcn48ww | |
| Lenovo v310-15isk firmware | ||
| Lenovo V510-14IKB Firmware | <2wcn40ww | |
| Lenovo V510-14IKB Firmware | ||
| Lenovo v510-15ikb firmware | <2wcn40ww | |
| HP v510-15ikb | ||
| Lenovo ThinkPad L380 Firmware | <r0ret28w | |
| Lenovo ThinkPad L380 | ||
| Lenovo ThinkPad e480 firmware | <r0pet47w | |
| Lenovo ThinkPad E480 | ||
| Lenovo ThinkPad e580 firmware | <r0pet47w | |
| Lenovo Thinkpad E580 | ||
| Lenovo ThinkPad L480 Firmware | <r0qet47w | |
| Lenovo ThinkPad L480 | ||
| Lenovo ThinkPad L580 Firmware | <r0qet47w | |
| Lenovo ThinkPad L580 Firmware | ||
| Lenovo ThinkPad P51 Firmware | <n1uet71w | |
| Lenovo ThinkPad P51 | ||
| Lenovo ThinkPad P51s (20HX) Firmware | <n1vet45w | |
| Lenovo ThinkPad P51s Firmware | ||
| Lenovo ThinkPad P52 Firmware | <n2cet28w | |
| Lenovo ThinkPad P52 | ||
| Lenovo ThinkPad P52s Firmware | <n27et27w | |
| Lenovo ThinkPad P52s Firmware | ||
| Lenovo ThinkPad P71 Firmware | <n1tet50w | |
| Lenovo ThinkPad P71 Firmware | ||
| Lenovo ThinkPad P72 Firmware | <n2cet28w | |
| Lenovo ThinkPad P72 Firmware | ||
| Lenovo ThinkPad T25 Firmware | <n1qet77w | |
| Lenovo ThinkPad T25 Firmware | ||
| Lenovo ThinkPad T470 firmware | <n1qet77w | |
| Lenovo ThinkPad T470p | ||
| Lenovo ThinkPad T470p firmware | <r0fet44w | |
| Lenovo ThinkPad T470p | ||
| Lenovo ThinkPad T470s Firmware | <n1wet49w | |
| Lenovo ThinkPad T470s Firmware | ||
| Lenovo ThinkPad T480 Firmware | <n24et41w | |
| Lenovo ThinkPad T480 | ||
| Lenovo ThinkPad T480s Firmware | <n22et48w | |
| Lenovo ThinkPad T480s Firmware | ||
| Lenovo ThinkPad T570 Firmware | <n1vet45w | |
| Lenovo ThinkPad T570 Firmware | ||
| Lenovo ThinkPad T580 Firmware | <n27et27w | |
| Lenovo ThinkPad T580 | ||
| Lenovo ThinkPad x380 Yoga Firmware | <r0set29w | |
| Lenovo ThinkPad X380 Yoga | ||
| Lenovo ThinkPad Yoga 11e Firmware | <r0vet23w | |
| Lenovo ThinkPad 11e YOGA | ||
| Lenovo ThinkPad Yoga 370 Firmware | <r0het48w | |
| Lenovo ThinkPad Yoga 370 Firmware | ||
| Lenovo ThinkPad S1 Firmware | <r0het48w | |
| Lenovo ThinkPad S1 Firmware | ||
| Lenovo ThinkPad X1 Carbon Firmware | <n1met49w | |
| Lenovo ThinkPad 20HQ | ||
| Lenovo 20hr | ||
| Lenovo ThinkPad X1 Carbon Firmware | <n23et52w | |
| Lenovo 20k3 | ||
| Lenovo 20k4 | ||
| Lenovo 20kg | ||
| Lenovo 20kh | ||
| Lenovo ThinkPad X1 Tablet Firmware | <n1oet45w | |
| Lenovo 20jb | ||
| Lenovo 20jc | ||
| Lenovo ThinkPad X1 Tablet Firmware | <n1zet69w | |
| Lenovo 20kj | ||
| Lenovo 20kk | ||
| Lenovo ThinkPad X1 Yoga (20SX) Firmware | <n1net42w | |
| Lenovo 20jd | ||
| Lenovo 20je | ||
| Lenovo 20jf | ||
| Lenovo 20jg | ||
| Lenovo ThinkPad X1 Yoga (20SX) Firmware | <n25et38w | |
| Lenovo 20ld | ||
| Lenovo 20le | ||
| Lenovo 20lf | ||
| Lenovo 20lg | ||
| Lenovo ThinkPad x270 firmware | <r0iet53w | |
| Lenovo 20hm | ||
| Lenovo 20hn | ||
| Lenovo 20k5 Firmware | ||
| Lenovo 20k6 Firmware | ||
| Lenovo ThinkPad x280 firmware | <n20et33w | |
| Lenovo 20ke | ||
| Lenovo 20KF |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-9062?
CVE-2018-9062 is rated as a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2018-9062?
To mitigate CVE-2018-9062, users should update their Lenovo ThinkPad products to the latest firmware that addresses this vulnerability.
Which devices are affected by CVE-2018-9062?
CVE-2018-9062 affects a variety of Lenovo ThinkPad and Miix models, especially those running outdated firmware versions.
What type of vulnerability is CVE-2018-9062?
CVE-2018-9062 is an arbitrary code execution vulnerability in the BIOS of certain Lenovo devices.
Can CVE-2018-9062 be exploited remotely?
Yes, CVE-2018-9062 can potentially be exploited remotely if an attacker has access to the vulnerable BIOS environment.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/title
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo e42-80
- canonical/lenovo e42-80 firmware
- canonical/lenovo e52-80 isk firmware
- canonical/lenovo e52-80
- canonical/lenovo miix 720-12ikb
- canonical/lenovo miix 720-12ikb firmware
- canonical/lenovo v310-14ikb firmware
- canonical/lenovo v310-14isk firmware
- canonical/lenovo v310-14ikb
- canonical/lenovo v310-15ikb
- canonical/lenovo v310-15ikb firmware
- canonical/lenovo v310-15isk
- canonical/lenovo v310-15isk firmware
- canonical/lenovo v510-14ikb firmware
- canonical/lenovo v510-15ikb firmware
- canonical/hp v510-15ikb
- canonical/lenovo thinkpad l380 firmware
- canonical/lenovo thinkpad l380
- canonical/lenovo thinkpad e480 firmware
- canonical/lenovo thinkpad e480
- canonical/lenovo thinkpad e580 firmware
- canonical/lenovo thinkpad e580
- canonical/lenovo thinkpad l480 firmware
- canonical/lenovo thinkpad l480
- canonical/lenovo thinkpad l580 firmware
- canonical/lenovo thinkpad p51 firmware
- canonical/lenovo thinkpad p51
- canonical/lenovo thinkpad p51s (20hx) firmware
- canonical/lenovo thinkpad p51s firmware
- canonical/lenovo thinkpad p52 firmware
- canonical/lenovo thinkpad p52
- canonical/lenovo thinkpad p52s firmware
- canonical/lenovo thinkpad p71 firmware
- canonical/lenovo thinkpad p72 firmware
- canonical/lenovo thinkpad t25 firmware
- canonical/lenovo thinkpad t470 firmware
- canonical/lenovo thinkpad t470p
- canonical/lenovo thinkpad t470p firmware
- canonical/lenovo thinkpad t470s firmware
- canonical/lenovo thinkpad t480 firmware
- canonical/lenovo thinkpad t480
- canonical/lenovo thinkpad t480s firmware
- canonical/lenovo thinkpad t570 firmware
- canonical/lenovo thinkpad t580 firmware
- canonical/lenovo thinkpad t580
- canonical/lenovo thinkpad x380 yoga firmware
- canonical/lenovo thinkpad x380 yoga
- canonical/lenovo thinkpad yoga 11e firmware
- canonical/lenovo thinkpad 11e yoga
- canonical/lenovo thinkpad yoga 370 firmware
- canonical/lenovo thinkpad s1 firmware
- canonical/lenovo thinkpad x1 carbon firmware
- canonical/lenovo thinkpad 20hq
- canonical/lenovo 20hr
- canonical/lenovo 20k3
- canonical/lenovo 20k4
- canonical/lenovo 20kg
- canonical/lenovo 20kh
- canonical/lenovo thinkpad x1 tablet firmware
- canonical/lenovo 20jb
- canonical/lenovo 20jc
- canonical/lenovo 20kj
- canonical/lenovo 20kk
- canonical/lenovo thinkpad x1 yoga (20sx) firmware
- canonical/lenovo 20jd
- canonical/lenovo 20je
- canonical/lenovo 20jf
- canonical/lenovo 20jg
- canonical/lenovo 20ld
- canonical/lenovo 20le
- canonical/lenovo 20lf
- canonical/lenovo 20lg
- canonical/lenovo thinkpad x270 firmware
- canonical/lenovo 20hm
- canonical/lenovo 20hn
- canonical/lenovo 20k5 firmware
- canonical/lenovo 20k6 firmware
- canonical/lenovo thinkpad x280 firmware
- canonical/lenovo 20ke
- canonical/lenovo 20kf