Search criteria
2 vulnerabilities found for lenovo_ideapad_520s-14ikbr_firmware by hp
CVE-2018-9069 (GCVE-0-2018-9069)
Vulnerability from cvelistv5 – Published: 2018-10-02 14:00 – Updated: 2024-08-05 07:17
VLAI
Title
BIOS Write Protection Race Condition
Summary
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
Severity
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-20184 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo Group LTD | IdeaPad |
Affected:
various , < various
(custom)
|
Date Public
2018-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IdeaPad",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThan": "various",
"status": "affected",
"version": "various",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T13:57:01.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
}
],
"source": {
"advisory": "LEN-20184",
"discovery": "EXTERNAL"
},
"title": "BIOS Write Protection Race Condition",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9069",
"STATE": "PUBLIC",
"TITLE": "BIOS Write Protection Race Condition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IdeaPad",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "various",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-20184",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
}
]
},
"source": {
"advisory": "LEN-20184",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9069",
"datePublished": "2018-10-02T14:00:00.000Z",
"dateReserved": "2018-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:50.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9069 (GCVE-0-2018-9069)
Vulnerability from nvd – Published: 2018-10-02 14:00 – Updated: 2024-08-05 07:17
VLAI
Title
BIOS Write Protection Race Condition
Summary
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
Severity
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-20184 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo Group LTD | IdeaPad |
Affected:
various , < various
(custom)
|
Date Public
2018-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:50.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IdeaPad",
"vendor": "Lenovo Group LTD",
"versions": [
{
"lessThan": "various",
"status": "affected",
"version": "various",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T13:57:01.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
}
],
"source": {
"advisory": "LEN-20184",
"discovery": "EXTERNAL"
},
"title": "BIOS Write Protection Race Condition",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9069",
"STATE": "PUBLIC",
"TITLE": "BIOS Write Protection Race Condition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IdeaPad",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "various",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-20184",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-20184"
}
]
},
"source": {
"advisory": "LEN-20184",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2018-9069",
"datePublished": "2018-10-02T14:00:00.000Z",
"dateReserved": "2018-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:50.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}