CWE
362
Advisory Published
CVE Published
Updated

CVE-2018-9069: BIOS Write Protection Race Condition

First published: Tue Oct 02 2018(Updated: )

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Hp 310s-14isk Firmware<1.15
Hp 310s-14isk
Hp 320-15ikbra Firmware<6jcn24ww
Hp 320-15ikbra
Hp 320-15ikbrn Firmware<6jcn24ww
Hp 320-15ikbrn
Hp 320-15ikbrn Touch Firmware<6jcn24ww
Hp 320-15ikbrn Touch
Hp 320-17ikbrn<2.09
Hp 320-17ikbrn
Hp 320s-14ikb<2.09
Hp 320s-14ikb
Hp 320s-15ikb Firmware<2.09
Hp 320s-15ikb
Hp 320s-15isk Firmware<2wcn38ww
Hp 320s-15isk
Hp 510s-14isk Firmware<1.15
Hp 510s-14isk
Hp 520-15ikbrn Firmware<6jcn26ww
Hp 520-15ikbrn
Hp 520s-14ikb Firmware<2.09
Hp 520s-14ikb
Hp 710s Plus-13ikb 16g Firmware<2.55
Hp 710s Plus-13ikb 16g
Hp 710s Plus-3ikb Firmware<2.55
Hp 710s Plus-3ikb
Hp Xiaoxinair13ikbpro Firmware<2.55
Hp Xiaoxinair13ikbpro
Hp 710s Plus Touch-13ikb Firmware<2.55
Hp 710s Plus Touch-13ikb
Hp 720s-13ikb Firmware<5scn38ww
Hp 720s-13ikb
Hp B320-14ikb Firmware
Hp B320-14ikb
Lenovo E42-80 Firmware<2wcn38ww
Hp E42-80
Lenovo E52-80 Firmware<2wcn38ww
Hp E52-80
Hp Flex 4-1470 Firmware<1.15
Hp Flex 4-1470
Hp Flex 5-1470 Firmware<2.09
Hp Flex 5-1470
Hp Flex 5-1570 Firmware<2.09
Hp Flex 5-1570
Hp Ideapad 2in1 14 Firmware
Hp Ideapad 2in1 14
Hp Lenovo Ideapad 320-14ikb\(i\+a\) Firmware
Hp Lenovo Ideapad 320-14ikb\(i\+a\)
Hp Lenovo Ideapad 320-14ikb\(i\+n\) Firmware
Hp Lenovo Ideapad 320-14ikb\(i\+n\)
Hp Lenovo Ideapad 320-15abr Firmware
Hp Lenovo Ideapad 320-15abr
Hp Lenovo Ideapad 320-15ikb\(i\+n\) Firmware
Hp Lenovo Ideapad 320-15ikb\(i\+n\)
Hp Lenovo Ideapad 320s-14ikbr Firmware
Hp Lenovo Ideapad 320s-14ikbr
Hp Lenovo Ideapad 320s-15ikbr Firmware
Hp Lenovo Ideapad 320s-15ikbr
Hp Lenovo Ideapad 520s-14ikbr Firmware
Hp Lenovo Ideapad 520s-14ikbr
Hp Lenovo Ideapad 720s-14ikb Firmware<6jcn26ww
Hp Lenovo Ideapad 720s-14ikb
Hp Lenovo Ideapad Flex 5-1470 Firmware<6jcn26ww
Hp Lenovo Ideapad Flex 5-1470
Hp Lenovo Ideapad Flex 5-1570 Firmware<6jcn26ww
Hp Lenovo Ideapad Flex 5-1570
Hp Lenovo Ideapad Y520-15ikbn Firmware
Hp Lenovo Ideapad Y520-15ikbn
Hp Lenovo Tianyi 310-14ikb Firmware
Hp Lenovo Tianyi 310-14ikb
Hp Lenovo Tianyi 310-15ikb Firmware
Hp Lenovo Tianyi 310-15ikb
Hp Lenovo Y520-15ikba Firmware<5jcn25ww
Hp Lenovo Y520-15ikba
Hp Lenovo Y520-15ikbm Firmware<5jcn25ww
Hp Lenovo Y520-15ikbm
Hp Lenovo Yoga 520-14ikb Firmware<6jcn26ww
Hp Lenovo Yoga 520-14ikb
Hp Lenovo Yoga 520-15ikb Firmware<6jcn26ww
Hp Lenovo Yoga 520-15ikb
Hp Miix 720-12ikb<3scn66ww
Hp Miix 720-12ikb
Hp Nano110-14ikb Firmware
Hp Nano110-14ikb
Hp Nano110-15ikb Firmware<5xcn24ww
Hp Nano110-15ikb
Hp Rescuer R720-15ikbm Firmware<5xcn24ww
Hp Rescuer R720-15ikbm
Hp Rescuer Y520-15ikbm Firmware<5xcn24ww
Hp Rescuer Y520-15ikbm
Lenovo V310-14ikb Firmware<2wcn38ww
Hp V310-14ikb
Lenovo V310-14isk Firmware<4.07
Hp V310-14isk
Lenovo V310-15ikb Firmware<2wcn38ww
Hp V310-15ikb
Lenovo V310-15isk Firmware<0zcn47ww
Hp V310-15isk
Hp V330-14ikb Firmware<4.07
Hp V330-14ikb
Hp V330-14isk Firmware<4.07
Hp V330-14isk
Lenovo V510-14ikb Firmware<2wcn38ww
Hp V510-14ikb
Lenovo V510-15ikb Firmware<2wcn38ww
Hp V510-15ikb
Hp Yoga 310-11iap Firmware<6.7
Hp Yoga 310-11iap
Hp Yoga 510-14isk Firmware<1.15
Hp Yoga 510-14isk
Hp Yoga 720-13ikb Firmware<2.05
Hp Yoga 720-13ikb
Hp Yoga 720-13ikbr Firmware<2.07
Hp Yoga 720-13ikbr
Hp Yoga 720-15ikb Firmware<2.05
Hp Yoga 720-15ikb
Hp Lenovo V720-14 Firmware<2.12
Hp Lenovo V720-14
Hp 7000 U42 Firmware<2.09
Hp 7000 U42
Hp 7000-15 U42 Firmware<2.09
Hp 7000-15 U42
Hp R720-15ikba Firmware<5jcn25ww
Hp R720-15ikba
Hp Y520-15ikba Firmware<5jcn25ww
Hp Y520-15ikba
Hp R720-15ikbn Firmware<4gcn38ww
Hp R720-15ikbn
Hp Y520-15ikbn Firmware<4gcn38ww
Hp Y520-15ikbn
Hp Y720-15ikb Firmware<4gcn38ww
Hp Y720-15ikb
Hp Lenovo Y720-15ikb Firmware<4gcn38ww
Hp Lenovo Y720-15ikb
Hp E43-80 Kbl Firmware<4.07
Hp E43-80 Kbl

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203