CVE-2018-9069

Published: Oct 2, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Exploitability: 0.7 / Impact: 5.2

Source: NVD

Description

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Affected (68)

Products: Hp: 310s 14isk Firmware, 320 15ikbra Firmware, 320 15ikbrn Firmware, 320 15ikbrn Touch Firmware, 320 17ikbrn, 320s 14ikb, 320s 15ikb Firmware, 320s 15isk Firmware, 510s 14isk Firmware, 520 15ikbrn Firmware, 520s 14ikb Firmware, 710s Plus 13ikb 16g Firmware, 710s Plus 3ikb Firmware, Xiaoxinair13ikbpro Firmware, 710s Plus Touch 13ikb Firmware, 720s 13ikb Firmware, B320 14ikb Firmware, Flex 4 1470 Firmware, Flex 5 1470 Firmware, Flex 5 1570 Firmware, Ideapad 2in1 14 Firmware, Lenovo Ideapad 320 14ikb(i+a) Firmware, Lenovo Ideapad 320 14ikb(i+n) Firmware, Lenovo Ideapad 320 15abr Firmware, Lenovo Ideapad 320 15ikb(i+n) Firmware, Lenovo Ideapad 320s 14ikbr Firmware, Lenovo Ideapad 320s 15ikbr Firmware, Lenovo Ideapad 520s 14ikbr Firmware, Lenovo Ideapad 720s 14ikb Firmware, Lenovo Ideapad Flex 5 1470 Firmware, Lenovo Ideapad Flex 5 1570 Firmware, Lenovo Ideapad Y520 15ikbn Firmware, Lenovo Tianyi 310 14ikb Firmware, Lenovo Tianyi 310 15ikb Firmware, Lenovo Y520 15ikba Firmware, Lenovo Y520 15ikbm Firmware, Lenovo Yoga 520 14ikb Firmware, Lenovo Yoga 520 15ikb Firmware, Miix 720 12ikb, Nano110 14ikb Firmware, Nano110 15ikb Firmware, Rescuer R720 15ikbm Firmware, Rescuer Y520 15ikbm Firmware, V330 14ikb Firmware, V330 14isk Firmware, Yoga 310 11iap Firmware, Yoga 510 14isk Firmware, Yoga 720 13ikb Firmware, Yoga 720 13ikbr Firmware, Yoga 720 15ikb Firmware, Lenovo V720 14 Firmware, 7000 U42 Firmware, 7000 15 U42 Firmware, R720 15ikba Firmware, Y520 15ikba Firmware, R720 15ikbn Firmware, Y520 15ikbn Firmware, Y720 15ikb Firmware, Lenovo Y720 15ikb Firmware, E43 80 Kbl Firmware · Lenovo: E42 80 Firmware, E52 80 Firmware, V310 14ikb Firmware, V310 14isk Firmware, V310 15ikb Firmware, V310 15isk Firmware, V510 14ikb Firmware, V510 15ikb Firmware

60 products

310s 14isk Firmware

320 15ikbra Firmware

320 15ikbrn Firmware

320 15ikbrn Touch Firmware

710s Plus 13ikb 16g Firmware

710s Plus 3ikb Firmware

Xiaoxinair13ikbpro Firmware

710s Plus Touch 13ikb Firmware

Ideapad 2in1 14 Firmware

Lenovo Ideapad 320 14ikb(i+a) Firmware

Lenovo Ideapad 320 14ikb(i+n) Firmware

Lenovo Ideapad 320 15abr Firmware

Lenovo Ideapad 320 15ikb(i+n) Firmware

Lenovo Ideapad 320s 14ikbr Firmware

Lenovo Ideapad 320s 15ikbr Firmware

Lenovo Ideapad 520s 14ikbr Firmware

Lenovo Ideapad 720s 14ikb Firmware

Lenovo Ideapad Flex 5 1470 Firmware

Lenovo Ideapad Flex 5 1570 Firmware

Lenovo Ideapad Y520 15ikbn Firmware

Lenovo Tianyi 310 14ikb Firmware

Lenovo Tianyi 310 15ikb Firmware

Lenovo Y520 15ikba Firmware

Lenovo Y520 15ikbm Firmware

Lenovo Yoga 520 14ikb Firmware

Lenovo Yoga 520 15ikb Firmware

Miix 720 12ikb

Nano110 14ikb Firmware

Nano110 15ikb Firmware

Rescuer R720 15ikbm Firmware

Rescuer Y520 15ikbm Firmware

V330 14ikb Firmware

V330 14isk Firmware

Yoga 310 11iap Firmware

Yoga 510 14isk Firmware

Yoga 720 13ikb Firmware

Yoga 720 13ikbr Firmware

Yoga 720 15ikb Firmware

Lenovo V720 14 Firmware

Lenovo Y720 15ikb Firmware

8 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 310s 14isk Firmware	Before 1.15

Running on/with	Platform Versions
Hp 310s 14isk	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 320 15ikbra Firmware	Before 6jcn24ww

Running on/with	Platform Versions
Hp 320 15ikbra	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 320 15ikbrn Firmware	Before 6jcn24ww

Running on/with	Platform Versions
Hp 320 15ikbrn	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 320 15ikbrn Touch Firmware	Before 6jcn24ww

Running on/with	Platform Versions
Hp 320 15ikbrn Touch	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 320 17ikbrn	Before 2.09

Running on/with	Platform Versions
Hp 320 17ikbrn	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 320s 14ikb	Before 2.09

Running on/with	Platform Versions
Hp 320s 14ikb	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 320s 15ikb Firmware	Before 2.09

Running on/with	Platform Versions
Hp 320s 15ikb	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 320s 15isk Firmware	Before 2wcn38ww

Running on/with	Platform Versions
Hp 320s 15isk	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 510s 14isk Firmware	Before 1.15

Running on/with	Platform Versions
Hp 510s 14isk	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 520 15ikbrn Firmware	Before 6jcn26ww

Running on/with	Platform Versions
Hp 520 15ikbrn	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 520s 14ikb Firmware	Before 2.09

Running on/with	Platform Versions
Hp 520s 14ikb	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 710s Plus 13ikb 16g Firmware	Before 2.55

Running on/with	Platform Versions
Hp 710s Plus 13ikb 16g	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 710s Plus 3ikb Firmware	Before 2.55

Running on/with	Platform Versions
Hp 710s Plus 3ikb	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Xiaoxinair13ikbpro Firmware	Before 2.55

Running on/with	Platform Versions
Hp Xiaoxinair13ikbpro	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 710s Plus Touch 13ikb Firmware	Before 2.55

Running on/with	Platform Versions
Hp 710s Plus Touch 13ikb	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 720s 13ikb Firmware	Before 5scn38ww

Running on/with	Platform Versions
Hp 720s 13ikb	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp B320 14ikb Firmware	All versions

Running on/with	Platform Versions
Hp B320 14ikb	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo E42 80 Firmware	Before 2wcn38ww

Running on/with	Platform Versions
Hp E42 80	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo E52 80 Firmware	Before 2wcn38ww

Running on/with	Platform Versions
Hp E52 80	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Flex 4 1470 Firmware	Before 1.15

Running on/with	Platform Versions
Hp Flex 4 1470	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Flex 5 1470 Firmware	Before 2.09

Running on/with	Platform Versions
Hp Flex 5 1470	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Flex 5 1570 Firmware	Before 2.09

Running on/with	Platform Versions
Hp Flex 5 1570	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Ideapad 2in1 14 Firmware	All versions

Running on/with	Platform Versions
Hp Ideapad 2in1 14	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad 320 14ikb(i+a) Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Ideapad 320 14ikb(i+a)	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad 320 14ikb(i+n) Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Ideapad 320 14ikb(i+n)	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad 320 15abr Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Ideapad 320 15abr	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad 320 15ikb(i+n) Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Ideapad 320 15ikb(i+n)	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad 320s 14ikbr Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Ideapad 320s 14ikbr	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad 320s 15ikbr Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Ideapad 320s 15ikbr	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad 520s 14ikbr Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Ideapad 520s 14ikbr	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad 720s 14ikb Firmware	Before 6jcn26ww

Running on/with	Platform Versions
Hp Lenovo Ideapad 720s 14ikb	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad Flex 5 1470 Firmware	Before 6jcn26ww

Running on/with	Platform Versions
Hp Lenovo Ideapad Flex 5 1470	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad Flex 5 1570 Firmware	Before 6jcn26ww

Running on/with	Platform Versions
Hp Lenovo Ideapad Flex 5 1570	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Ideapad Y520 15ikbn Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Ideapad Y520 15ikbn	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Tianyi 310 14ikb Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Tianyi 310 14ikb	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Tianyi 310 15ikb Firmware	All versions

Running on/with	Platform Versions
Hp Lenovo Tianyi 310 15ikb	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Y520 15ikba Firmware	Before 5jcn25ww

Running on/with	Platform Versions
Hp Lenovo Y520 15ikba	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Y520 15ikbm Firmware	Before 5jcn25ww

Running on/with	Platform Versions
Hp Lenovo Y520 15ikbm	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Yoga 520 14ikb Firmware	Before 6jcn26ww

Running on/with	Platform Versions
Hp Lenovo Yoga 520 14ikb	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Yoga 520 15ikb Firmware	Before 6jcn26ww

Running on/with	Platform Versions
Hp Lenovo Yoga 520 15ikb	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Miix 720 12ikb	Before 3scn66ww

Running on/with	Platform Versions
Hp Miix 720 12ikb	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Nano110 14ikb Firmware	All versions

Running on/with	Platform Versions
Hp Nano110 14ikb	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Nano110 15ikb Firmware	Before 5xcn24ww

Running on/with	Platform Versions
Hp Nano110 15ikb	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Rescuer R720 15ikbm Firmware	Before 5xcn24ww

Running on/with	Platform Versions
Hp Rescuer R720 15ikbm	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Rescuer Y520 15ikbm Firmware	Before 5xcn24ww

Running on/with	Platform Versions
Hp Rescuer Y520 15ikbm	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V310 14ikb Firmware	Before 2wcn38ww

Running on/with	Platform Versions
Hp V310 14ikb	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V310 14isk Firmware	Before 4.07

Running on/with	Platform Versions
Hp V310 14isk	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V310 15ikb Firmware	Before 2wcn38ww

Running on/with	Platform Versions
Hp V310 15ikb	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V310 15isk Firmware	Before 0zcn47ww

Running on/with	Platform Versions
Hp V310 15isk	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp V330 14ikb Firmware	Before 4.07

Running on/with	Platform Versions
Hp V330 14ikb	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp V330 14isk Firmware	Before 4.07

Running on/with	Platform Versions
Hp V330 14isk	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V510 14ikb Firmware	Before 2wcn38ww

Running on/with	Platform Versions
Hp V510 14ikb	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V510 15ikb Firmware	Before 2wcn38ww

Running on/with	Platform Versions
Hp V510 15ikb	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Yoga 310 11iap Firmware	Before 6.7

Running on/with	Platform Versions
Hp Yoga 310 11iap	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Yoga 510 14isk Firmware	Before 1.15

Running on/with	Platform Versions
Hp Yoga 510 14isk	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Yoga 720 13ikb Firmware	Before 2.05

Running on/with	Platform Versions
Hp Yoga 720 13ikb	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Yoga 720 13ikbr Firmware	Before 2.07

Running on/with	Platform Versions
Hp Yoga 720 13ikbr	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Yoga 720 15ikb Firmware	Before 2.05

Running on/with	Platform Versions
Hp Yoga 720 15ikb	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo V720 14 Firmware	Before 2.12

Running on/with	Platform Versions
Hp Lenovo V720 14	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 7000 U42 Firmware	Before 2.09

Running on/with	Platform Versions
Hp 7000 U42	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp 7000 15 U42 Firmware	Before 2.09

Running on/with	Platform Versions
Hp 7000 15 U42	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp R720 15ikba Firmware	Before 5jcn25ww

Running on/with	Platform Versions
Hp R720 15ikba	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y520 15ikba Firmware	Before 5jcn25ww

Running on/with	Platform Versions
Hp Y520 15ikba	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp R720 15ikbn Firmware	Before 4gcn38ww

Running on/with	Platform Versions
Hp R720 15ikbn	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y520 15ikbn Firmware	Before 4gcn38ww

Running on/with	Platform Versions
Hp Y520 15ikbn	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Y720 15ikb Firmware	Before 4gcn38ww

Running on/with	Platform Versions
Hp Y720 15ikb	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Lenovo Y720 15ikb Firmware	Before 4gcn38ww

Running on/with	Platform Versions
Hp Lenovo Y720 15ikb	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp E43 80 Kbl Firmware	Before 4.07

Running on/with	Platform Versions
Hp E43 80 Kbl	All versions

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (2)

https://support.lenovo.com/us/en/solutions/LEN-20184

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/solutions/LEN-20184

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.