Описание
Уязвимость функции обратного вызова обработчика System Management Interrupt (SMI) драйвера режима Legacy BIOS ноутбуков Lenovo связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код с повышенными привилегиями
Вендор
Lenovo Group Limited
Наименование ПО
IdeaPad 3-14ARE05
IdeaPad 3-15ARE05
IdeaPad 3-17ARE05
Ideapad Gaming L340-15IRH
IdeaPad L340-15IWL
Legion Y540-15IRH
Legion Y540-15IRH-PG0
Legion Y540-17IRH
Legion Y540-17IRH-PG0
Legion Y545
Legion Y545-PG0
Legion Y7000-2019
Legion Y7000-2019-PG0
Ideapad S540-13IML
Ideapad Slim 7 Pro-14IHU5
Ideapad Slim 9-14ITL05
V140-15IWL
Yoga 7-14ACN6
Yoga C740-14IML
Yoga C740-15IML
Yoga C940-14IIL
Yoga Slim 7 Pro-14ACH5
Yoga Slim 7 Pro-14ACH5 O
Yoga Slim 7 Pro-14IHU5
Yoga Slim 7 Pro-14IHU5 O
Yoga Slim 7 Pro-14ITL5
Yoga Slim 9-14ITL05
ideapad 3-14IML05
ideapad 3-14ITL05
ideapad 3-14ITL6
ideapad 3-15IML05
ideapad 3-15ITL05
ideapad 3-15ITL6
ideapad 3-17IML05
ideapad 5-15IIL05
ideapad Creator 5-15IMH05
ideapad Gaming 3-15ARH05
ideapad Gaming 3-15IMH05
IdeaPad 3-17ITL6
Lenovo S14 G2 ITL
Lenovo 14W Gen 2
Lenovo 500w Gen 3
ideapad C340-14API
ideapad C340-14IML
ideapad C340-15IML
ideapad D330-10IGM
ideapad Duet 3-10IGL5
Lenovo E41-50
Lenovo E41-55
ideapad FLEX-14IML
ideapad FLEX-15IML
ideapad Flex 3-11ADA05
IdeaPad 3-15IGL05
IdeaPad 3-17IIL05
IdeaPad 5-14ITL05
IdeaPad Gaming 3-15IHU6
Ideapad 5-15ITL05
ideapad L3-15IML05
IdeaPad L3 15ITL6
Legion 5 Pro-16ACH6
Legion 5 Pro-16ACH6H
Legion 5 Pro-16ITH6
Legion 5 Pro-16ITH6H
Legion 5-15ACH6
Legion 5-15ACH6A
Legion 5-15ACH6H
Legion 5-15IMH6
Legion 5-15ITH6
Legion 5-15ITH6H
Legion 5-17ACH6
Legion 5-17ACH6H
Legion 5-17ITH6
Legion 5-17ITH6H
Legion 7-16ACHg6
Legion 7-16ITHg6
Ideapad S145-14IGM
Ideapad S145-14IIL
Ideapad S145-15IGM
Ideapad S145-15IIL
ideapad S340-13IML
ideapad S340-14API
ideapad S340-14IML
ideapad S340-15API
ideapad S340-15API Touch
ideapad S340-15IML
ideapad S340-15IML Touch
ideapad S530-13IML
ideapad S530-13IWL
ideapad S540-14API
ideapad S540-14IML
ideapad S540-14IML Touch
ideapad S540-15IML
ideapad S740-15IRH
ideapad S740-15IRH Touch
ideapad Slim 7-14ARE05
ideapad Slim 7-14IIL05
ideapad Slim 7-14ITL05
ideapad Slim 7-15IIL05
ideapad Slim 7-15IMH05
ideapad Slim 7-15ITL05
ThinkBook 13x ITG
ThinkBook 14 G3 ACL
ThinkBook 14 G3 ITL
ThinkBook 14s Yoga ITL
ThinkBook 15 G3 ACL
ThinkBook Plus G2 ITG
Lenovo V14 G1-IML
Lenovo V14 G2-ITL
Lenovo V14-ARE
Lenovo V14-IGL
Lenovo V14-IIL
Lenovo V15 G1-IML
Lenovo V15 G2-ITL
Lenovo V15-IGL
Lenovo V15-IIL
Lenovo V17 G2-ITL
Lenovo V17-IIL
Lenovo V340-17IWL
Yoga 6-13ALC6
Yoga 730-15IWL
Yoga Creator 7-15IMH05
Yoga Duet 7-13ITL6
Yoga Duet 7-13ITL6-LTE
Yoga S740-15IRH
Yoga Slim 7 Carbon 13ITL5
Yoga Slim 7-13ITL05
Yoga Slim 7-14ARE05
Yoga Slim 7-14IIL05
Yoga Slim 7-14ITL05
Yoga Slim 7-15IIL05
Yoga Slim 7-15IMH05
Yoga Slim 7-15ITL05
ideapad 3-14IGL05
ideapad 3-14IIL05
ideapad 3-15IIL05
ideapad 5 Pro-14ACN6
ideapad 5 Pro-14ITL6
ideapad 5 Pro-16ACH6
ideapad 5 Pro-16IHU6
ideapad 5-14ALC05
ideapad 5-14ARE05
ideapad Creator 5-16ACH6
ideapad Gaming 3-15ACH6
ThinkPad X1 Carbon 9th Gen
ThinkPad X1 Yoga 6th Gen
Версия ПО
до dzcn42ww (IdeaPad 3-14ARE05)
до DZCN42WW (IdeaPad 3-15ARE05)
до DZCN42WW (IdeaPad 3-17ARE05)
до BGCN35WW (Ideapad Gaming L340-15IRH)
до ATCN46WW (IdeaPad L340-15IWL)
до BHCN44WW (Legion Y540-15IRH)
до BHCN44WW (Legion Y540-15IRH-PG0)
до BHCN44WW (Legion Y540-17IRH)
до BHCN44WW (Legion Y540-17IRH-PG0)
до BHCN44WW (Legion Y545)
до BHCN44WW (Legion Y545-PG0)
до BHCN44WW (Legion Y7000-2019)
до BHCN44WW (Legion Y7000-2019-PG0)
- (Ideapad S540-13IML)
- (Ideapad Slim 7 Pro-14IHU5)
- (Ideapad Slim 9-14ITL05)
до ATCN46WW (V140-15IWL)
- (Yoga 7-14ACN6)
- (Yoga C740-14IML)
- (Yoga C740-15IML)
- (Yoga C940-14IIL)
- (Yoga Slim 7 Pro-14ACH5)
- (Yoga Slim 7 Pro-14ACH5 O)
- (Yoga Slim 7 Pro-14IHU5)
- (Yoga Slim 7 Pro-14IHU5 O)
- (Yoga Slim 7 Pro-14ITL5)
- (Yoga Slim 9-14ITL05)
- (ideapad 3-14IML05)
- (ideapad 3-14ITL05)
- (ideapad 3-14ITL6)
- (ideapad 3-15IML05)
- (ideapad 3-15ITL05)
- (ideapad 3-15ITL6)
- (ideapad 3-17IML05)
- (ideapad 5-15IIL05)
до EGCN36WW (ideapad Creator 5-15IMH05)
до FCCN17WW (ideapad Gaming 3-15ARH05)
до EGCN36WW (ideapad Gaming 3-15IMH05)
- (IdeaPad 3-17ITL6)
- (Lenovo S14 G2 ITL)
- (Lenovo 14W Gen 2)
- (Lenovo 500w Gen 3)
- (ideapad C340-14API)
до CKCN18WW (ideapad C340-14IML)
до CRCN19WW (ideapad C340-15IML)
до 8NCN42WW (ideapad D330-10IGM)
до EQCN31WW (ideapad Duet 3-10IGL5)
до G2CN23WW (Lenovo E41-50)
- (Lenovo E41-55)
до CKCN18WW (ideapad FLEX-14IML)
до CRCN19WW (ideapad FLEX-15IML)
- (ideapad Flex 3-11ADA05)
- (IdeaPad 3-15IGL05)
- (IdeaPad 3-17IIL05)
- (IdeaPad 5-14ITL05)
- (IdeaPad Gaming 3-15IHU6)
до FHCN64WW (Ideapad 5-15ITL05)
- (ideapad L3-15IML05)
- (IdeaPad L3 15ITL6)
- (Legion 5 Pro-16ACH6)
- (Legion 5 Pro-16ACH6H)
- (Legion 5 Pro-16ITH6)
- (Legion 5 Pro-16ITH6H)
- (Legion 5-15ACH6)
- (Legion 5-15ACH6A)
- (Legion 5-15ACH6H)
- (Legion 5-15IMH6)
- (Legion 5-15ITH6)
- (Legion 5-15ITH6H)
- (Legion 5-17ACH6)
- (Legion 5-17ACH6H)
- (Legion 5-17ITH6)
- (Legion 5-17ITH6H)
- (Legion 7-16ACHg6)
- (Legion 7-16ITHg6)
- (Ideapad S145-14IGM)
- (Ideapad S145-14IIL)
- (Ideapad S145-15IGM)
- (Ideapad S145-15IIL)
до BZCN23WW (ideapad S340-13IML)
до AMCN30WW (ideapad S340-14API)
до CRCN19WW (ideapad S340-14IML)
до AMCN30WW (ideapad S340-15API)
до AMCN30WW (ideapad S340-15API Touch)
до CRCN19WW (ideapad S340-15IML)
до CRCN19WW (ideapad S340-15IML Touch)
- (ideapad S530-13IML)
- (ideapad S530-13IWL)
- (ideapad S540-14API)
до CKCN18WW (ideapad S540-14IML)
до CKCN18WW (ideapad S540-14IML Touch)
до CNCN20WW (ideapad S540-15IML)
- (ideapad S740-15IRH)
- (ideapad S740-15IRH Touch)
до DMCN41WW (ideapad Slim 7-14ARE05)
до DHCN33WW (ideapad Slim 7-14IIL05)
до FBCN27WW (ideapad Slim 7-14ITL05)
до DHCN33WW (ideapad Slim 7-15IIL05)
до DNCN30WW (ideapad Slim 7-15IMH05)
до FBCN27WW (ideapad Slim 7-15ITL05)
до HLCN27WW (ThinkBook 13x ITG)
- (ThinkBook 14 G3 ACL)
до HRCN10WW (ThinkBook 14 G3 ITL)
- (ThinkBook 14s Yoga ITL)
- (ThinkBook 15 G3 ACL)
до GYCN28WW (ThinkBook Plus G2 ITG)
- (Lenovo V14 G1-IML)
- (Lenovo V14 G2-ITL)
до DZCN42WW (Lenovo V14-ARE)
- (Lenovo V14-IGL)
- (Lenovo V14-IIL)
- (Lenovo V15 G1-IML)
- (Lenovo V15 G2-ITL)
- (Lenovo V15-IGL)
- (Lenovo V15-IIL)
- (Lenovo V17 G2-ITL)
- (Lenovo V17-IIL)
до ATCN46WW (Lenovo V340-17IWL)
до H6CN14WW (Yoga 6-13ALC6)
- (Yoga 730-15IWL)
до DNCN30WW (Yoga Creator 7-15IMH05)
- (Yoga Duet 7-13ITL6)
- (Yoga Duet 7-13ITL6-LTE)
- (Yoga S740-15IRH)
до F7CN37WW (Yoga Slim 7 Carbon 13ITL5)
до F7CN37WW (Yoga Slim 7-13ITL05)
до DMCN41WW (Yoga Slim 7-14ARE05)
до DHCN33WW (Yoga Slim 7-14IIL05)
до FBCN27WW (Yoga Slim 7-14ITL05)
до DHCN33WW (Yoga Slim 7-15IIL05)
до DNCN30WW (Yoga Slim 7-15IMH05)
до FBCN27WW (Yoga Slim 7-15ITL05)
- (ideapad 3-14IGL05)
- (ideapad 3-14IIL05)
- (ideapad 3-15IIL05)
до GECN30WW (ideapad 5 Pro-14ACN6)
до GDCN61WW (ideapad 5 Pro-14ITL6)
- (ideapad 5 Pro-16ACH6)
до GRCN20WW (ideapad 5 Pro-16IHU6)
до G5CN61WW (ideapad 5-14ALC05)
до DTCN26WW (ideapad 5-14ARE05)
- (ideapad Creator 5-16ACH6)
до H3CN32WW (ideapad Gaming 3-15ACH6)
- (ThinkPad X1 Carbon 9th Gen)
- (ThinkPad X1 Yoga 6th Gen)
Тип ПО
Микропрограммный код
Операционные системы и аппаратные платформы
-
Уровень опасности уязвимости
Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,8)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 6,7)
Возможные меры по устранению уязвимости
Использование рекомендаций производителя:
https://support.lenovo.com/us/en/product_security/LEN-77639
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Данные уточняются
Информация об устранении
Уязвимость устранена
Идентификаторы других систем описаний уязвимостей
- CVE
- LEN
EPSS
Процентиль: 11%
0.00037
Низкий
6.7 Medium
CVSS3
6.8 Medium
CVSS2
Связанные уязвимости
CVSS3: 6.7
nvd
почти 4 года назад
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS3: 6.7
github
почти 4 года назад
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
EPSS
Процентиль: 11%
0.00037
Низкий
6.7 Medium
CVSS3
6.8 Medium
CVSS2