high
7.2
CWE
74
Advisory Published
Updated

CVE-2018-9062: BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack

First published: Thu Jul 19 2018(Updated: )

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo E42-80 Firmware<2wcn40ww
Lenovo E42-80
Lenovo E42-80 Isk Firmware<0zcn48ww
Lenovo E42-80 Isk
Lenovo E52-80 Firmware<2wcn40ww
Lenovo E52-80
Lenovo E52-80 Isk Firmware<0zcn48ww
Lenovo E52-80 Isk
Lenovo Miix 720-12ikb Firmware<3scn68ww
Lenovo Miix 720-12ikb
Lenovo V310-14ikb Firmware<2wcn40ww
Lenovo V310-14ikb
Lenovo V310-14isk Firmware<0zcn48ww
Lenovo V310-14isk
Lenovo V310-15ikb Firmware<2wcn40ww
Lenovo V310-15ikb
Lenovo V310-15isk Firmware<0zcn48ww
Lenovo V310-15isk
Lenovo V510-14ikb Firmware<2wcn40ww
Lenovo V510-14ikb
Lenovo V510-15ikb Firmware<2wcn40ww
Lenovo V510-15ikb
Lenovo Thinkpad L380 Firmware<r0ret28w
Lenovo Thinkpad L380
Lenovo Thinkpad E480 Firmware<r0pet47w
Lenovo Thinkpad E480
Lenovo Thinkpad E580 Firmware<r0pet47w
Lenovo Thinkpad E580
Lenovo Thinkpad L480 Firmware<r0qet47w
Lenovo Thinkpad L480
Lenovo Thinkpad L580 Firmware<r0qet47w
Lenovo Thinkpad L580
Lenovo Thinkpad P51 Firmware<n1uet71w
Lenovo Thinkpad P51
Lenovo Thinkpad P51s Firmware<n1vet45w
Lenovo Thinkpad P51s
Lenovo Thinkpad P52 Firmware<n2cet28w
Lenovo Thinkpad P52
Lenovo Thinkpad P52s Firmware<n27et27w
Lenovo Thinkpad P52s
Lenovo Thinkpad P71 Firmware<n1tet50w
Lenovo Thinkpad P71
Lenovo Thinkpad P72 Firmware<n2cet28w
Lenovo Thinkpad P72
Lenovo Thinkpad T25 Firmware<n1qet77w
Lenovo Thinkpad T25
Lenovo Thinkpad T470 Firmware<n1qet77w
Lenovo Thinkpad T470
Lenovo Thinkpad T470p Firmware<r0fet44w
Lenovo Thinkpad T470p
Lenovo Thinkpad T470s Firmware<n1wet49w
Lenovo Thinkpad T470s
Lenovo Thinkpad T480 Firmware<n24et41w
Lenovo Thinkpad T480
Lenovo Thinkpad T480s Firmware<n22et48w
Lenovo Thinkpad T480s
Lenovo Thinkpad T570 Firmware<n1vet45w
Lenovo Thinkpad T570
Lenovo Thinkpad T580 Firmware<n27et27w
Lenovo Thinkpad T580
Lenovo Thinkpad X380 Yoga Firmware<r0set29w
Lenovo Thinkpad X380 Yoga
Lenovo Thinkpad Yoga 11e Firmware<r0vet23w
Lenovo Thinkpad Yoga 11e
Lenovo Thinkpad Yoga 370 Firmware<r0het48w
Lenovo Thinkpad Yoga 370
Lenovo Thinkpad S1 Firmware<r0het48w
Lenovo Thinkpad S1
Lenovo Thinkpad X1 Carbon Firmware<n1met49w
Lenovo 20hq
Lenovo 20hr
Lenovo Thinkpad X1 Carbon Firmware<n23et52w
Lenovo 20k3
Lenovo 20k4
Lenovo 20kg
Lenovo 20kh
Lenovo Thinkpad X1 Tablet Firmware<n1oet45w
Lenovo 20jb
Lenovo 20jc
Lenovo Thinkpad X1 Tablet Firmware<n1zet69w
Lenovo 20kj
Lenovo 20kk
Lenovo Thinkpad X1 Yoga Firmware<n1net42w
Lenovo 20jd
Lenovo 20je
Lenovo 20jf
Lenovo 20jg
Lenovo Thinkpad X1 Yoga Firmware<n25et38w
Lenovo 20ld
Lenovo 20le
Lenovo 20lf
Lenovo 20lg
Lenovo Thinkpad X270 Firmware<r0iet53w
Lenovo 20hm
Lenovo 20hn
Lenovo 20k5
Lenovo 20k6
Lenovo Thinkpad X280 Firmware<n20et33w
Lenovo 20ke
Lenovo 20kf

Remedy

https://support.lenovo.com/us/en/solutions/LEN-20527

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203