high
7
CWE
362
Advisory Published
CVE Published
Updated

CVE-2018-9069: BIOS Write Protection Race Condition

First published: Tue Oct 02 2018(Updated: )

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
HP 310s-14isk<1.15
HP 310s-14isk
HP 320-15ikbra<6jcn24ww
HP 320-15ikbrn Touch Firmware
hp 320-15ikbrn touch firmware<6jcn24ww
HP 320-15ikbra Firmware
HP 320-15ikbrn Touch Firmware<6jcn24ww
HP 320-15ikbrn Touch Firmware
HP 320-17IKBRN<2.09
HP 320-17IKBRN
HP 320s-14ikb<2.09
HP 320s-14ikb
HP 320s-15ikb<2.09
HP 320s-15ikb Firmware
HP 320s-15isk<2wcn38ww
HP 320s-15isk
HP 510s-14isk<1.15
HP 510s-14isk Firmware
HP 520-15ikbrn<6jcn26ww
HP 520-15ikbrn Firmware
HP 520s-14ikb firmware<2.09
HP 520s-14ikb firmware
HP 710S Plus Touch-13IKB Firmware<2.55
HP 710S Plus-13IKB 16G Firmware
HP 710s Plus-3IKB<2.55
HP 710s Plus-3IKB Firmware
HP Xiaoxin Air 13 IKBP<2.55
HP Xiaoxin Air 13 IKBP
HP 710S Plus Touch-13IKB Firmware<2.55
HP 710S Plus Touch-13IKB Firmware
HP 720s-13ikb Firmware<5scn38ww
hp 720s-13ikb firmware
HP B320-14IKB
HP B320-14IKB Firmware
Lenovo e42-80<2wcn38ww
HP e42-80
Lenovo e52-80 isk firmware<2wcn38ww
HP e52-80
HP Flex 4-1470<1.15
HP Flex 4-1470 Firmware
HP Flex 5-1470<2.09
HP Flex 5-1470 Firmware
Lenovo IdeaPad Flex 5-1570 Firmware<2.09
HP Flex 5-1570 Firmware
hp IdeaPad 2in1 14 firmware
HP IdeaPad 2-in-1 14
hp Lenovo IdeaPad 320-14ikb(i+a) firmware
Lenovo IdeaPad 320-14IKB
hp Lenovo IdeaPad 320-14ikb(i+n) firmware
Lenovo IdeaPad 320-14IKB
Lenovo IdeaPad 320-15ABR Firmware
Lenovo IdeaPad 320-15ABR Firmware
Lenovo IdeaPad 320-15IKB Firmware
Lenovo IdeaPad 320-15IKB
Lenovo IdeaPad 320s-14IKBR firmware
Lenovo IdeaPad 320s-14IKB
Lenovo IdeaPad 320s-15IKBR firmware
Lenovo IdeaPad 320s-15IKBR firmware
hp Lenovo IdeaPad 520s-14ikbr
Lenovo IdeaPad 520s-14ikbr
Lenovo 720s-14ikbr<6jcn26ww
Lenovo IdeaPad 720s-14ikb firmware
Lenovo IdeaPad Flex 5-1470 Firmware<6jcn26ww
Lenovo IdeaPad Flex 5-1470 Firmware
Lenovo IdeaPad Flex 5-1570 Firmware<6jcn26ww
hp Lenovo IdeaPad flex 5-1570 firmware
Lenovo IdeaPad Y520-15IKBN
Lenovo IdeaPad Y520-15IKBN
hp Lenovo Tianyi 310-14IKB
Lenovo IdeaPad 310-14IKB
Lenovo 130-15ikb
Lenovo Tianyi 310-15IKB Firmware
HP Lenovo Y520-15IKBA Firmware<5jcn25ww
Lenovo IdeaPad Y520-15IKB
Lenovo Y520-15IKBM Firmware<5jcn25ww
Lenovo IdeaPad Y520-15IKBM
Lenovo Yoga 520-14IKB Firmware<6jcn26ww
Lenovo Yoga 520-14IKB
Lenovo Yoga 520-15IKB Firmware<6jcn26ww
HP Lenovo Yoga 520-15IKB Firmware
Lenovo Miix 720-12IKB Firmware<3scn66ww
Lenovo Miix 720-12IKB Firmware
HP Nano 110-14ikb
HP Nano 110-14ikb
HP Nano 110-15ikb<5xcn24ww
HP Nano 110-15ikb
HP Rescuer R720-15IKBM<5xcn24ww
HP Rescuer R720-15IKBM Firmware
HP Rescuer Y520-15IKBM Firmware<5xcn24ww
HP Rescuer Y520-15IKBM Firmware
Lenovo v310-14ikb firmware<2wcn38ww
HP v310-14ikb
Lenovo v310-14isk firmware<4.07
hp v310-14ikb
Lenovo v310-15IKB<2wcn38ww
HP V310-15IKB
Lenovo v310-15isk<0zcn47ww
HP v310-15isk
Lenovo 330-14ikb<4.07
HP V330-14ISK
HP V330-14ISK Firmware<4.07
HP V330-14ISK Firmware
Lenovo V510-14IKB Firmware<2wcn38ww
HP v510-14ikb
Lenovo v510-15ikb firmware<2wcn38ww
HP v510-15ikb
HP Yoga 310-11iap Firmware<6.7
HP Yoga 310-11iap
HP Yoga 510-14ISK Firmware<1.15
HP Yoga 510-14ISK Firmware
HP Yoga 720-13IKB Firmware<2.05
HP Yoga 720-13ikb Firmware
HP Yoga 720-13IKB<2.07
HP Yoga 720-13IKB
HP Y720-15IKB Firmware<2.05
HP Yoga 720-15IKB Firmware
Lenovo V720-14<2.12
Lenovo V720-14
HP 7000 U42<2.09
HP 7000 U42 Firmware
HP 7000 U42 Firmware<2.09
HP 7000 U42 Firmware
HP R720-15IKBA Firmware<5jcn25ww
hp r720-15ikba firmware
hp Lenovo y520-15ikba firmware<5jcn25ww
hp Lenovo y520-15ikba firmware
HP R720-15IKBA Firmware<4gcn38ww
HP R720-15IKBN Firmware
HP Y520-15IKBN Firmware<4gcn38ww
Lenovo IdeaPad Y520-15IKBN
hp Lenovo y720-15ikb firmware<4gcn38ww
HP Yoga 720-15IKB Firmware
Lenovo Y720-15IKB Firmware<4gcn38ww
hp Lenovo y720-15ikb firmware
HP E43-80 KBL Firmware<4.07
hp e43-80 kbl firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2018-9069?

    CVE-2018-9069 has a high severity rating due to its potential to allow an attacker with administrator access to alter the BIOS contents.

  • How do I fix CVE-2018-9069?

    To fix CVE-2018-9069, update your BIOS to the latest version provided by the manufacturer.

  • What systems are affected by CVE-2018-9069?

    CVE-2018-9069 affects several Lenovo IdeaPad consumer notebook models, particularly those with specific firmware versions.

  • Who is impacted by CVE-2018-9069?

    Users of affected Lenovo IdeaPad models are at risk if they have not updated their BIOS to mitigate CVE-2018-9069.

  • Is CVE-2018-9069 being actively exploited?

    As of now, there are no confirmed reports of active exploitation of CVE-2018-9069.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203