Описание
Уязвимость модуля Elliptic Labs Virtual Lock Sensor микропрограммного обеспечения ноутбуков ThinkPad связана с неверными разрешениями. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии
Вендор
Lenovo Group Limited
Наименование ПО
P1 Gen 6 (Type 21FV, 21FW) Laptop (ThinkPad)
P1 Gen 7 (Type 21KV, 21KW) Laptop (ThinkPad)
P14s Gen 4 (Type 21HF, 21HG) Laptop (ThinkPad)
P14s Gen 4 (Type 21K5, 21K6) Laptop (ThinkPad)
P14s Gen 5 (Type 21G2, 21G3) Laptops (ThinkPad)
P14s Gen 5 (Type 21ME, 21MF) Laptops (ThinkPad)
P16 Gen 2 (Type 21FA, 21FB) Laptop (ThinkPad)
P16s Gen 2 (Type 21HK, 21HL) Laptop (ThinkPad)
P16s Gen 2 (Type 21K9, 21KA) Laptop (ThinkPad)
P16s Gen 3 (Type 21KS, 21KT) Laptops (ThinkPad)
P16v Gen 1 (Type 21FC, 21FD) Laptop (ThinkPad)
P16v Gen 1 (Type 21FE, 21FF) Laptop (ThinkPad)
P16v Gen 2 (Type 21KX, 21KY) Laptops (ThinkPad)
T14 Gen 3 (Type 21AH, 21AJ) Laptop (ThinkPad)
T14 Gen 3 (Type 21CF, 21CG) Laptop (ThinkPad)
T14 Gen 4 (Type 21HD, 21HE) Laptop (ThinkPad)
T14 Gen 4 (Type 21K3, 21K4) Laptop (ThinkPad)
T14 Gen 5 (Type 21MC, 21MD) Laptops (ThinkPad)
T14 Gen 5 (Type 21ML, 21MM) Laptops (ThinkPad)
T14s Gen 4 (Type 21F6, 21F7) Laptop (ThinkPad)
T14s Gen 4 (Type 21F8, 21F9) Laptop (ThinkPad)
T14s Gen 5 (Type 21LS, 21LT) Laptop (ThinkPad)
T14s Gen 6 (Type 21M1, 21M2) Laptops (ThinkPad)
T16 Gen 2 (Type 21HH, 21HJ) Laptop (ThinkPad)
T16 Gen 2 (Type 21K7, 21K8) Laptop (ThinkPad)
T16 Gen 3 (Type 21MN, 21MQ) Laptops (ThinkPad)
X1 2-in-1 Gen 9 (Type 21KE, 21KF) Laptop (ThinkPad)
X1 Carbon 12th Gen (Type 21KC, 21KD) Laptop (ThinkPad)
X13 2-in-1 Gen 5 (Type 21LW, 21LX) Laptop (ThinkPad)
X13 Gen 4 (Type 21EX, 21EY) Laptop (ThinkPad)
X13 Gen 4 (Type 21J3, 21J4) Laptop (ThinkPad)
X13 Gen 5 (Type 21LU, 21LV) Laptop (ThinkPad)
X13 Yoga Gen 4 (Type 21F2, 21F3) Laptop (ThinkPad)
Версия ПО
до 1000.100.108.548 (P1 Gen 6 (Type 21FV, 21FW) Laptop (ThinkPad))
до 1000.100.108.801 (P1 Gen 7 (Type 21KV, 21KW) Laptop (ThinkPad))
до 1000.100.108.858 (P14s Gen 4 (Type 21HF, 21HG) Laptop (ThinkPad))
до 1000.100.108.1893 (P14s Gen 4 (Type 21K5, 21K6) Laptop (ThinkPad))
до 1000.100.108.801 (P14s Gen 5 (Type 21G2, 21G3) Laptops (ThinkPad))
до 1000.100.108.6136 (P14s Gen 5 (Type 21ME, 21MF) Laptops (ThinkPad))
до 1000.100.108.774 (P16 Gen 2 (Type 21FA, 21FB) Laptop (ThinkPad))
до 1000.100.108.858 (P16s Gen 2 (Type 21HK, 21HL) Laptop (ThinkPad))
до 1000.100.108.1893 (P16s Gen 2 (Type 21K9, 21KA) Laptop (ThinkPad))
до 1000.100.106.2391 (P16s Gen 2 (Type 21K9, 21KA) Laptop (ThinkPad))
до 1000.100.108.801 (P16s Gen 3 (Type 21KS, 21KT) Laptops (ThinkPad))
до 1000.100.108.900 (P16v Gen 1 (Type 21FC, 21FD) Laptop (ThinkPad))
до 1000.100.108.2235 (P16v Gen 1 (Type 21FE, 21FF) Laptop (ThinkPad))
до 1000.100.108.801 (P16v Gen 2 (Type 21KX, 21KY) Laptops (ThinkPad))
до 3.2.61209.5 (T14 Gen 3 (Type 21AH, 21AJ) Laptop (ThinkPad))
до 3.2.61209.5 (T14 Gen 3 (Type 21CF, 21CG) Laptop (ThinkPad))
до 1000.100.108.858 (T14 Gen 4 (Type 21HD, 21HE) Laptop (ThinkPad))
до 1000.100.108.1893 (T14 Gen 4 (Type 21K3, 21K4) Laptop (ThinkPad))
до 1000.100.108.6136 (T14 Gen 5 (Type 21MC, 21MD) Laptops (ThinkPad))
до 1000.100.108.801 (T14 Gen 5 (Type 21ML, 21MM) Laptops (ThinkPad))
до 1000.100.108.858 (T14s Gen 4 (Type 21F6, 21F7) Laptop (ThinkPad))
до 1000.100.108.1893 (T14s Gen 4 (Type 21F8, 21F9) Laptop (ThinkPad))
до 1000.100.108.801 (T14s Gen 5 (Type 21LS, 21LT) Laptop (ThinkPad))
до 1000.100.109.82 (T14s Gen 6 (Type 21M1, 21M2) Laptops (ThinkPad))
до 1000.100.108.858 (T16 Gen 2 (Type 21HH, 21HJ) Laptop (ThinkPad))
до 1000.100.108.1893 (T16 Gen 2 (Type 21K7, 21K8) Laptop (ThinkPad))
до 1000.100.106.2391 (T16 Gen 2 (Type 21K7, 21K8) Laptop (ThinkPad))
до 1000.100.108.801 (T16 Gen 3 (Type 21MN, 21MQ) Laptops (ThinkPad))
до N3YUS12W_V2 (1000.100.108.801) (X1 2-in-1 Gen 9 (Type 21KE, 21KF) Laptop (ThinkPad))
до N3YUS12W_V2 (1000.100.108.801) (X1 Carbon 12th Gen (Type 21KC, 21KD) Laptop (ThinkPad))
до 1000.100.108.801 (X13 2-in-1 Gen 5 (Type 21LW, 21LX) Laptop (ThinkPad))
до 1000.100.108.761 (X13 Gen 4 (Type 21EX, 21EY) Laptop (ThinkPad))
до 1000.100.108.2234 (X13 Gen 4 (Type 21J3, 21J4) Laptop (ThinkPad))
до 1000.100.108.801 (X13 Gen 5 (Type 21LU, 21LV) Laptop (ThinkPad))
до 1000.100.108.761 (X13 Yoga Gen 4 (Type 21F2, 21F3) Laptop (ThinkPad))
Тип ПО
Микропрограммный код
Операционные системы и аппаратные платформы
-
Уровень опасности уязвимости
Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4,6)
Средний уровень опасности (базовая оценка CVSS 3.1 составляет 6,5)
Возможные меры по устранению уязвимости
Использование рекомендаций:
https://support.lenovo.com/ru/ru/product_security/LEN-182738
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Данные уточняются
Информация об устранении
Уязвимость устранена
Ссылки на источники
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
Процентиль: 3%
0.00017
Низкий
6.5 Medium
CVSS3
4.6 Medium
CVSS2
Связанные уязвимости
CVSS3: 7.8
nvd
7 месяцев назад
An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.
CVSS3: 7.8
github
7 месяцев назад
An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.
EPSS
Процентиль: 3%
0.00017
Низкий
6.5 Medium
CVSS3
4.6 Medium
CVSS2