BDU:2022-02345

Published: 12 Apr 2022
Source: fstec
CVSS3: 7.8
CVSS2: 6.8
EPSS: Low

Description

A vulnerability in the SmmOEMInt15 SMI handler of the BIOS firmware of ThinkPad laptops is related to a bypass of imposed security restrictions. Exploitation of the vulnerability may allow an attacker to execute arbitrary code with elevated privileges.

Vendor

Lenovo Group Limited

Software name

ThinkPad 11e 20D9
ThinkPad 11e 20DA
ThinkPad Helix 20CG
ThinkPad Helix 20CH
ThinkPad L560
ThinkPad L570 20J8
ThinkPad L570 20J9
ThinkPad L570 20JQ
ThinkPad L570 20JR
ThinkPad P50s
ThinkPad P51s 20HB
ThinkPad P51s 20HC
ThinkPad P51s 20JY
ThinkPad P51s 20K0
ThinkPad P52s 20LB
ThinkPad P52s 20LC
ThinkPad S540
ThinkPad T550
ThinkPad T560
ThinkPad T570 20H9
ThinkPad T570 20HA
ThinkPad T570 20JW
ThinkPad T570 20JX
ThinkPad T580 20L9
ThinkPad T580 20LA
ThinkPad X1 Tablet 1st Gen 20GG
ThinkPad X1 Tablet 1st Gen 20GH
ThinkPad X1 Tablet 2nd Gen 20JB
ThinkPad X1 Tablet 2nd Gen 20JC
ThinkPad W540
ThinkPad W541
ThinkPad W550s
ThinkPad X1 Carbon 3rd Gen 20BS
ThinkPad X1 Carbon 3rd Gen 20BT
ThinkPad X1 Carbon 4th Gen 20FB
ThinkPad X1 Carbon 4th Gen 20FC
ThinkPad X1 Carbon 5th Gen - Kabylake 20HR
ThinkPad X1 Carbon 5th Gen - Kabylake 20HQ
ThinkPad X1 Carbon 5th Gen - Skylake 20K4
ThinkPad X1 Carbon 5th Gen - Skylake 20K3
ThinkPad X1 Yoga 1st Gen 20FQ
ThinkPad X1 Yoga 1st Gen 20FR
ThinkPad X1 Yoga 2nd Gen 20JD
ThinkPad X1 Yoga 2nd Gen 20JE
ThinkPad X1 Yoga 2nd Gen 20JF
ThinkPad X1 Yoga 2nd Gen 20JG
ThinkPad X1 Yoga 3rd Gen 20LD
ThinkPad X1 Yoga 3rd Gen 20LE
ThinkPad X1 Yoga 3rd Gen 20LF
ThinkPad X1 Yoga 3rd Gen 20LG
ThinkPad X250
ThinkPad X280 20KF
ThinkPad X280 20KE
ThinkPad X390 Yoga
ThinkPad Yoga 11e 20D9
ThinkPad Yoga 11e 20DA
ThinkPad Yoga 15
ThinkPad Yoga 260

Software version

before N15ET78W (ThinkPad 11e 20D9)
before N15ET78W (ThinkPad 11e 20DA)
before N17ETA8W (ThinkPad Helix 20CG)
before N17ETA8W (ThinkPad Helix 20CH)
before N1HET85W (ThinkPad L560)
before N1XET65W (ThinkPad L570 20J8)
before N1XET65W (ThinkPad L570 20J9)
before N1XET65W (ThinkPad L570 20JQ)
before N1XET65W (ThinkPad L570 20JR)
before N1KET46W (ThinkPad P50s)
before N1VET50W (ThinkPad P51s 20HB)
before N1VET50W (ThinkPad P51s 20HC)
before N1VET50W (ThinkPad P51s 20JY)
before N1VET50W (ThinkPad P51s 20K0)
before N27ET36W (ThinkPad P52s 20LB)
before N27ET36W (ThinkPad P52s 20LC)
before GPET80WW (ThinkPad S540)
before N11ET50W (ThinkPad T550)
before N1KET46W (ThinkPad T560)
before N1VET50W (ThinkPad T570 20H9)
before N1VET50W (ThinkPad T570 20HA)
before N1VET50W (ThinkPad T570 20JW)
before N1VET50W (ThinkPad T570 20JX)
before N27ET36W (ThinkPad T580 20L9)
before N27ET36W (ThinkPad T580 20LA)
before N1LET86W (ThinkPad X1 Tablet 1st Gen 20GG)
before N1LET86W (ThinkPad X1 Tablet 1st Gen 20GH)
before N1OET50W (ThinkPad X1 Tablet 2nd Gen 20JB)
before N1OET50W (ThinkPad X1 Tablet 2nd Gen 20JC)
before GNET92WW (ThinkPad W540)
before GNET92WW (ThinkPad W541)
before N11ET50W (ThinkPad W550s)
before N14ET52W (ThinkPad X1 Carbon 3rd Gen 20BS)
before N14ET52W (ThinkPad X1 Carbon 3rd Gen 20BT)
before N1FET70W (ThinkPad X1 Carbon 4th Gen 20FB)
before N1FET70W (ThinkPad X1 Carbon 4th Gen 20FC)
before N1MET55W (ThinkPad X1 Carbon 5th Gen - Kabylake 20HR)
before N1MET55W (ThinkPad X1 Carbon 5th Gen - Kabylake 20HQ)
before N1MET55W (ThinkPad X1 Carbon 5th Gen - Skylake 20K4)
before N1MET55W (ThinkPad X1 Carbon 5th Gen - Skylake 20K3)
before N1FET70W (ThinkPad X1 Yoga 1st Gen 20FQ)
before N1FET70W (ThinkPad X1 Yoga 1st Gen 20FR)
before N1NET47W (ThinkPad X1 Yoga 2nd Gen 20JD)
before N1NET47W (ThinkPad X1 Yoga 2nd Gen 20JE)
before N1NET47W (ThinkPad X1 Yoga 2nd Gen 20JF)
before N1NET47W (ThinkPad X1 Yoga 2nd Gen 20JG)
before N25ET50W (ThinkPad X1 Yoga 3rd Gen 20LD)
before N25ET50W (ThinkPad X1 Yoga 3rd Gen 20LE)
before N25ET50W (ThinkPad X1 Yoga 3rd Gen 20LF)
before N25ET50W (ThinkPad X1 Yoga 3rd Gen 20LG)
before N10ET58W (ThinkPad X250)
before N20ET44W (ThinkPad X280 20KF)
before N20ET44W (ThinkPad X280 20KE)
before N2LET60W (ThinkPad X390 Yoga)
before N15ET78W (ThinkPad Yoga 11e 20D9)
before N15ET78W (ThinkPad Yoga 11e 20DA)
before N19ET61W (ThinkPad Yoga 15)
before N1GET98W (ThinkPad Yoga 260)

Software type

Firmware

Operating systems and hardware platforms

-

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 6.8)
High severity (CVSS 3.0 base score is 7.8)

Possible remediation measures

Follow the vendor's recommendations:
https://support.lenovo.com/us/en/product_security/LEN-84943#ThinkPad

Vulnerability status

Confirmed by the vendor

Exploit availability

Information is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 9%
0.00032
Low

7.8 High

CVSS3

6.8 Medium

CVSS2

Related vulnerabilities

CVSS3: 6.7
nvd
almost 4 years ago

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

CVSS3: 7.8
github
almost 4 years ago

A potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.