Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for IdeaPad by Lenovo Group LTD

    CVE-2018-9069 (GCVE-0-2018-9069)

    Vulnerability from cvelistv5 – Published: 2018-10-02 14:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    BIOS Write Protection Race Condition
    Summary
    In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD IdeaPad Affected: various , < various (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IdeaPad",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThan": "various",
                  "status": "affected",
                  "version": "various",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-02T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
            }
          ],
          "source": {
            "advisory": "LEN-20184",
            "discovery": "EXTERNAL"
          },
          "title": "BIOS Write Protection Race Condition",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9069",
              "STATE": "PUBLIC",
              "TITLE": "BIOS Write Protection Race Condition"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IdeaPad",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "various",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-20184",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
                }
              ]
            },
            "source": {
              "advisory": "LEN-20184",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9069",
        "datePublished": "2018-10-02T14:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9069 (GCVE-0-2018-9069)

    Vulnerability from nvd – Published: 2018-10-02 14:00 – Updated: 2024-08-05 07:17
    VLAI
    Title
    BIOS Write Protection Race Condition
    Summary
    In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group LTD IdeaPad Affected: various , < various (custom)
    Create a notification for this product.
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IdeaPad",
              "vendor": "Lenovo Group LTD",
              "versions": [
                {
                  "lessThan": "various",
                  "status": "affected",
                  "version": "various",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-02T13:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
            }
          ],
          "source": {
            "advisory": "LEN-20184",
            "discovery": "EXTERNAL"
          },
          "title": "BIOS Write Protection Race Condition",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9069",
              "STATE": "PUBLIC",
              "TITLE": "BIOS Write Protection Race Condition"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IdeaPad",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "various",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group LTD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-20184",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
                }
              ]
            },
            "source": {
              "advisory": "LEN-20184",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9069",
        "datePublished": "2018-10-02T14:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }