CVE-2018-9062: BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack
First published: Thu Jul 19 2018(Updated: )
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo e42-80 firmware | <2wcn40ww | |
| Lenovo e42-80 | ||
| Lenovo e42-80 isk | <0zcn48ww | |
| Lenovo e42-80 isk firmware | ||
| Lenovo e52-80 firmware | <2wcn40ww | |
| Lenovo e52-80 | ||
| Lenovo e52-80 isk firmware | <0zcn48ww | |
| Lenovo e52-80 isk firmware | ||
| Lenovo miix 720-12ikb firmware | <3scn68ww | |
| Lenovo miix 720-12ikb | ||
| Lenovo v310-14ikb firmware | <2wcn40ww | |
| Lenovo v310-14ikb | ||
| Lenovo v310-14isk firmware | <0zcn48ww | |
| Lenovo v310-14isk | ||
| Lenovo v310-15ikb firmware | <2wcn40ww | |
| Lenovo v310-15ikb | ||
| Lenovo v310-15isk firmware | <0zcn48ww | |
| Lenovo v310-15isk | ||
| Lenovo v510-14ikb firmware | <2wcn40ww | |
| Lenovo v510-14ikb | ||
| Lenovo v510-15ikb firmware | <2wcn40ww | |
| Lenovo v510-15ikb | ||
| Lenovo ThinkPad l380 firmware | <r0ret28w | |
| lenovo thinkpad l380 | ||
| Lenovo ThinkPad e480 firmware | <r0pet47w | |
| lenovo thinkpad e480 | ||
| Lenovo ThinkPad e580 firmware | <r0pet47w | |
| lenovo thinkpad e580 | ||
| Lenovo ThinkPad l480 firmware | <r0qet47w | |
| lenovo thinkpad l480 | ||
| Lenovo ThinkPad l580 firmware | <r0qet47w | |
| lenovo thinkpad l580 | ||
| Lenovo ThinkPad P51 Firmware | <n1uet71w | |
| Lenovo ThinkPad P51 | ||
| Lenovo ThinkPad P51s Firmware | <n1vet45w | |
| Lenovo ThinkPad P51s Firmware | ||
| Lenovo ThinkPad P52 Firmware | <n2cet28w | |
| Lenovo ThinkPad P52 | ||
| Lenovo ThinkPad P52s Firmware | <n27et27w | |
| Lenovo ThinkPad P52s Firmware | ||
| Lenovo ThinkPad p71 firmware | <n1tet50w | |
| lenovo thinkpad p71 | ||
| Lenovo ThinkPad P72 Firmware | <n2cet28w | |
| Lenovo ThinkPad P72 | ||
| Lenovo ThinkPad t25 firmware | <n1qet77w | |
| lenovo thinkpad t25 | ||
| Lenovo ThinkPad T470 firmware | <n1qet77w | |
| lenovo thinkpad t470 | ||
| Lenovo ThinkPad T470p firmware | <r0fet44w | |
| lenovo thinkpad t470p | ||
| Lenovo ThinkPad t470s firmware | <n1wet49w | |
| Lenovo ThinkPad T470s | ||
| Lenovo ThinkPad t480 firmware | <n24et41w | |
| lenovo thinkpad t480 | ||
| Lenovo ThinkPad t480s firmware | <n22et48w | |
| lenovo thinkpad t480s | ||
| Lenovo ThinkPad t570 firmware | <n1vet45w | |
| lenovo thinkpad t570 | ||
| Lenovo ThinkPad t580 firmware | <n27et27w | |
| lenovo thinkpad t580 | ||
| Lenovo ThinkPad x380 yoga firmware | <r0set29w | |
| lenovo thinkpad x380 yoga | ||
| Lenovo ThinkPad yoga 11e firmware | <r0vet23w | |
| Lenovo ThinkPad yoga 11e | ||
| Lenovo ThinkPad yoga 370 firmware | <r0het48w | |
| lenovo thinkpad yoga 370 | ||
| lenovo ThinkPad s1 firmware | <r0het48w | |
| lenovo ThinkPad s1 | ||
| Lenovo ThinkPad x1 carbon firmware | <n1met49w | |
| Lenovo 20hq | ||
| Lenovo 20hr | ||
| Lenovo ThinkPad x1 carbon firmware | <n23et52w | |
| Lenovo 20k3 | ||
| Lenovo 20k4 | ||
| Lenovo 20kg | ||
| Lenovo 20kh | ||
| Lenovo ThinkPad x1 tablet firmware | <n1oet45w | |
| Lenovo 20jb | ||
| Lenovo 20jc | ||
| Lenovo ThinkPad x1 tablet firmware | <n1zet69w | |
| Lenovo 20kj | ||
| Lenovo 20kk | ||
| Lenovo ThinkPad x1 yoga firmware | <n1net42w | |
| Lenovo 20jd | ||
| Lenovo 20je | ||
| Lenovo 20jf | ||
| Lenovo 20jg | ||
| Lenovo ThinkPad x1 yoga firmware | <n25et38w | |
| Lenovo 20ld | ||
| Lenovo 20le | ||
| Lenovo 20lf | ||
| Lenovo 20lg | ||
| Lenovo ThinkPad x270 firmware | <r0iet53w | |
| Lenovo 20hm | ||
| Lenovo 20hn | ||
| Lenovo 20k5 | ||
| Lenovo 20k6 | ||
| Lenovo ThinkPad x280 firmware | <n20et33w | |
| Lenovo 20ke | ||
| Lenovo 20kf |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/title
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo e42-80 firmware
- canonical/lenovo e42-80
- canonical/lenovo e42-80 isk
- canonical/lenovo e42-80 isk firmware
- canonical/lenovo e52-80 firmware
- canonical/lenovo e52-80
- canonical/lenovo e52-80 isk firmware
- canonical/lenovo miix 720-12ikb firmware
- canonical/lenovo miix 720-12ikb
- canonical/lenovo v310-14ikb firmware
- canonical/lenovo v310-14ikb
- canonical/lenovo v310-14isk firmware
- canonical/lenovo v310-14isk
- canonical/lenovo v310-15ikb firmware
- canonical/lenovo v310-15ikb
- canonical/lenovo v310-15isk firmware
- canonical/lenovo v310-15isk
- canonical/lenovo v510-14ikb firmware
- canonical/lenovo v510-14ikb
- canonical/lenovo v510-15ikb firmware
- canonical/lenovo v510-15ikb
- canonical/lenovo thinkpad l380 firmware
- canonical/lenovo thinkpad l380
- canonical/lenovo thinkpad e480 firmware
- canonical/lenovo thinkpad e480
- canonical/lenovo thinkpad e580 firmware
- canonical/lenovo thinkpad e580
- canonical/lenovo thinkpad l480 firmware
- canonical/lenovo thinkpad l480
- canonical/lenovo thinkpad l580 firmware
- canonical/lenovo thinkpad l580
- canonical/lenovo thinkpad p51 firmware
- canonical/lenovo thinkpad p51
- canonical/lenovo thinkpad p51s firmware
- canonical/lenovo thinkpad p52 firmware
- canonical/lenovo thinkpad p52
- canonical/lenovo thinkpad p52s firmware
- canonical/lenovo thinkpad p71 firmware
- canonical/lenovo thinkpad p71
- canonical/lenovo thinkpad p72 firmware
- canonical/lenovo thinkpad p72
- canonical/lenovo thinkpad t25 firmware
- canonical/lenovo thinkpad t25
- canonical/lenovo thinkpad t470 firmware
- canonical/lenovo thinkpad t470
- canonical/lenovo thinkpad t470p firmware
- canonical/lenovo thinkpad t470p
- canonical/lenovo thinkpad t470s firmware
- canonical/lenovo thinkpad t470s
- canonical/lenovo thinkpad t480 firmware
- canonical/lenovo thinkpad t480
- canonical/lenovo thinkpad t480s firmware
- canonical/lenovo thinkpad t480s
- canonical/lenovo thinkpad t570 firmware
- canonical/lenovo thinkpad t570
- canonical/lenovo thinkpad t580 firmware
- canonical/lenovo thinkpad t580
- canonical/lenovo thinkpad x380 yoga firmware
- canonical/lenovo thinkpad x380 yoga
- canonical/lenovo thinkpad yoga 11e firmware
- canonical/lenovo thinkpad yoga 11e
- canonical/lenovo thinkpad yoga 370 firmware
- canonical/lenovo thinkpad yoga 370
- canonical/lenovo thinkpad s1 firmware
- canonical/lenovo thinkpad s1
- canonical/lenovo thinkpad x1 carbon firmware
- canonical/lenovo 20hq
- canonical/lenovo 20hr
- canonical/lenovo 20k3
- canonical/lenovo 20k4
- canonical/lenovo 20kg
- canonical/lenovo 20kh
- canonical/lenovo thinkpad x1 tablet firmware
- canonical/lenovo 20jb
- canonical/lenovo 20jc
- canonical/lenovo 20kj
- canonical/lenovo 20kk
- canonical/lenovo thinkpad x1 yoga firmware
- canonical/lenovo 20jd
- canonical/lenovo 20je
- canonical/lenovo 20jf
- canonical/lenovo 20jg
- canonical/lenovo 20ld
- canonical/lenovo 20le
- canonical/lenovo 20lf
- canonical/lenovo 20lg
- canonical/lenovo thinkpad x270 firmware
- canonical/lenovo 20hm
- canonical/lenovo 20hn
- canonical/lenovo 20k5
- canonical/lenovo 20k6
- canonical/lenovo thinkpad x280 firmware
- canonical/lenovo 20ke
- canonical/lenovo 20kf