CVE-2015-5684

Published: Mar 27, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

Affected (29)

Products: Lenovo: B50 10 Firmware, Flex 2 Pro 15 Firmware, Edge 15 Firmware, Flex 3 1470 Firmware, Flex 3 1570 Firmware, Flex 3 1120 Firmware, G40 80 Firmware, G50 80 Firmware, G50 80 Touch Firmware, G50 80 Touch V3000 Firmware, G40 80m Firmware, G50 80m Firmware, Ideapad 100 14iby Firmware, Ideapad 100 15iby Firmware, S21e Firmware, S41 70 Firmware, U41 70 Firmware, S435 Firmware, M40 35 Firmware, U31 70 Firmware, Yoga 3 14 Firmware, Yoga 3 11 Firmware, Y40 80 Firmware, Z41 70 Firmware, Z51 70 Firmware, Z70 80 Firmware, G70 80 Firmware

Lenovo

27 products

B50 10 Firmware

Flex 2 Pro 15 Firmware

G50 80 Touch Firmware

G50 80 Touch V3000 Firmware

G40 80m Firmware

G50 80m Firmware

Ideapad 100 14iby Firmware

Ideapad 100 15iby Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo B50 10 Firmware	Before cccn13ww\(v1.02\)

Running on/with	Platform Versions
Lenovo B50 10	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Flex 2 Pro 15 Firmware	Before a9cn46ww

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Edge 15 Firmware	Before a9cn46ww

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Edge 15 Firmware	Before b9cn17ww

Running on/with	Platform Versions
Lenovo Edge 15	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Flex 2 Pro 15 Firmware	Before b9cn17ww

Running on/with	Platform Versions
Lenovo Flex 2 Pro 15	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Flex 3 1470 Firmware	Before bdcn30ww

Running on/with	Platform Versions
Lenovo Flex 3 1470	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Flex 3 1570 Firmware	Before bdcn30ww

Running on/with	Platform Versions
Lenovo Flex 3 1570	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Flex 3 1120 Firmware	Before c0cn25ww

Running on/with	Platform Versions
Lenovo Flex 3 1120	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo G40 80 Firmware	Before b0cn75ww

Running on/with	Platform Versions
Lenovo G40 80	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo G50 80 Firmware	Before b0cn75ww

Running on/with	Platform Versions
Lenovo G50 80	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo G50 80 Touch Firmware	Before b0cn75ww

Running on/with	Platform Versions
Lenovo G50 80 Touch	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo G50 80 Touch V3000 Firmware	Before b0cn75ww

Running on/with	Platform Versions
Lenovo G50 80 Touch V3000	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo G40 80m Firmware	Before cbcn75ww

Running on/with	Platform Versions
Lenovo G40 80m	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo G50 80m Firmware	Before cbcn75ww

Running on/with	Platform Versions
Lenovo G50 80m	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 100 14iby Firmware	Before v1.02_\(cccn13ww\)

Running on/with	Platform Versions
Lenovo Ideapad 100 14iby	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideapad 100 15iby Firmware	Before v1.02_\(cccn13ww\)

Running on/with	Platform Versions
Lenovo Ideapad 100 15iby	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S21e Firmware	Before c4cn14ww\(v1.04\)

Running on/with	Platform Versions
Lenovo S21e	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S41 70 Firmware	Before bdcn30ww

Running on/with	Platform Versions
Lenovo S41 70	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo U41 70 Firmware	Before bdcn30ww

Running on/with	Platform Versions
Lenovo U41 70	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo S435 Firmware	Before bbcn15ww\(v1.06\)

Running on/with	Platform Versions
Lenovo S435	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo M40 35 Firmware	Before bbcn15ww\(v1.06\)

Running on/with	Platform Versions
Lenovo M40 35	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo U31 70 Firmware	Before afcn30ww\(v2.02\)

Running on/with	Platform Versions
Lenovo U31 70	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yoga 3 14 Firmware	Before bacn33ww

Running on/with	Platform Versions
Lenovo Yoga 3 14	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Yoga 3 11 Firmware	Before b8cn30ww\(v2.08\)

Running on/with	Platform Versions
Lenovo Yoga 3 11	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Y40 80 Firmware	Before b5cn36ww\(v2.02\)

Running on/with	Platform Versions
Lenovo Y40 80	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Z41 70 Firmware	Before c2cn18ww\(v1.04\)

Running on/with	Platform Versions
Lenovo Z41 70	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Z51 70 Firmware	Before c2cn18ww\(v1.04\)

Running on/with	Platform Versions
Lenovo Z51 70	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Z70 80 Firmware	Before abcn75ww

Running on/with	Platform Versions
Lenovo Z70 80	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo G70 80 Firmware	Before abcn75ww

Running on/with	Platform Versions
Lenovo G70 80	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://support.lenovo.com/us/en/product_security/lse_bios_notebook

Source: cve@mitre.org

Vendor Advisory

https://support.lenovo.com/us/en/product_security/lse_bios_notebook

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.