Multiple vulnerabilities in Lenovo ThinkPad BIOS firmware



Published: 2023-03-15
Risk: Low
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2022-3728, CVE-2022-48182, CVE-2022-48183, CVE-2022-4573, CVE-2022-4574, CVE-2022-4575, CVE-2022-48189
CWE-ID: CWE-254, CWE-20
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
ThinkPad T14s Gen 3 21CQ 21CR
Hardware solutions / Firmware

ThinkPad X13 Gen 3 21CM 21CN
Hardware solutions / Firmware

ThinkPad T14s Gen 3 21BR 21BS
Hardware solutions / Firmware

ThinkPad X13 Gen 3 21BN 21BQ
Hardware solutions / Firmware

ThinkPad X1 Fold Gen 1 20RK
Hardware solutions / Firmware

ThinkPad X1 Fold Gen 1 20RL
Hardware solutions / Firmware

20TQ
Hardware solutions / Firmware

ThinkPad P14s Gen 1 20S4
Hardware solutions / Firmware

ThinkPad P14s Gen 1 20S5
Hardware solutions / Firmware

ThinkPad P14s Gen 2 20VX
Hardware solutions / Firmware

ThinkPad P14s Gen 2 20VY
Hardware solutions / Firmware

ThinkPad P15s Gen 1 20T4 20T5
Hardware solutions / Firmware

ThinkPad P15s Gen 2 20W6
Hardware solutions / Firmware

ThinkPad P15s Gen 2 20W7
Hardware solutions / Firmware

ThinkPad P15v Gen 3 21D8 21D9
Hardware solutions / Firmware

ThinkPad T14 Gen 1 20S0
Hardware solutions / Firmware

ThinkPad T14 Gen 1 20S1
Hardware solutions / Firmware

ThinkPad T14 Gen 1 20S2
Hardware solutions / Firmware

ThinkPad T14 Gen 1 20S3
Hardware solutions / Firmware

ThinkPad T14 Gen 2 20W0
Hardware solutions / Firmware

ThinkPad T14 Gen 2 20W1
Hardware solutions / Firmware

ThinkPad T15 20S6
Hardware solutions / Firmware

ThinkPad T15 20S7
Hardware solutions / Firmware

ThinkPad T15 Gen 2 20W4
Hardware solutions / Firmware

ThinkPad T15 Gen 2 20W5
Hardware solutions / Firmware

ThinkPad T15p Gen 3 21DA 21DB
Hardware solutions / Firmware

ThinkPad L14 20U1 s
Hardware solutions / Firmware

ThinkPad L14 20U2 s
Hardware solutions / Firmware

ThinkPad L14 Gen 2 Type 20X1 20X2 s
Hardware solutions / Firmware

ThinkPad L15 20U3
Hardware solutions / Firmware

ThinkPad L15 20U4
Hardware solutions / Firmware

ThinkPad L15 Gen 2 Type 20X3 20X4
Hardware solutions / Firmware

ThinkPad P1 Gen 3 20TH
Hardware solutions / Firmware

ThinkPad P1 Gen 3 20TJ
Hardware solutions / Firmware

ThinkPad P1 Gen 4 20Y3
Hardware solutions / Firmware

ThinkPad P1 Gen 4 20Y4
Hardware solutions / Firmware

ThinkPad P1 Gen 5 21DC 21DD
Hardware solutions / Firmware

ThinkPad P14s Gen 3 21AK
Hardware solutions / Firmware

ThinkPad P14s Gen 3 21AL
Hardware solutions / Firmware

ThinkPad P15 Gen 1 20ST
Hardware solutions / Firmware

ThinkPad P15 Gen 1 20SU
Hardware solutions / Firmware

ThinkPad P15 Gen 2 20YQ s
Hardware solutions / Firmware

ThinkPad P15 Gen 2 20YR s
Hardware solutions / Firmware

ThinkPad P15v Gen 1 type 20TR
Hardware solutions / Firmware

ThinkPad P15v Gen 2 21A9 s
Hardware solutions / Firmware

ThinkPad P15v Gen 2 21AA s
Hardware solutions / Firmware

ThinkPad P16 Gen 1 21D6
Hardware solutions / Firmware

ThinkPad P16 Gen 1 21D7
Hardware solutions / Firmware

ThinkPad P16s Gen 1 21BT
Hardware solutions / Firmware

ThinkPad P16s Gen 1 21BU
Hardware solutions / Firmware

ThinkPad P17 Gen 1 20SN
Hardware solutions / Firmware

ThinkPad P17 Gen 1 20SQ
Hardware solutions / Firmware

ThinkPad P17 Gen 2 20YU s
Hardware solutions / Firmware

ThinkPad P17 Gen 2 20YV s
Hardware solutions / Firmware

ThinkPad T14 Gen 3 21AH
Hardware solutions / Firmware

ThinkPad T14 Gen 3 21AJ
Hardware solutions / Firmware

ThinkPad T14s 20T0
Hardware solutions / Firmware

ThinkPad T14s 20T1
Hardware solutions / Firmware

ThinkPad T14s Gen 2 20WM
Hardware solutions / Firmware

ThinkPad T14s Gen 2 20WN
Hardware solutions / Firmware

ThinkPad T15g Gen 1 20UR 20US
Hardware solutions / Firmware

ThinkPad T15g Gen 2 20YS
Hardware solutions / Firmware

ThinkPad T15g Gen 2 20YT
Hardware solutions / Firmware

ThinkPad T15p Gen 1 20TN 20TM
Hardware solutions / Firmware

ThinkPad T15p Gen 2 21A7
Hardware solutions / Firmware

ThinkPad T15p Gen 2 21A8
Hardware solutions / Firmware

ThinkPad T16 Gen 1 21BV
Hardware solutions / Firmware

ThinkPad T16 Gen 1 21BW
Hardware solutions / Firmware

ThinkPad X1 Carbon 10th Gen 21CB
Hardware solutions / Firmware

ThinkPad X1 Carbon 10th Gen 21CC
Hardware solutions / Firmware

ThinkPad X1 Carbon 7th Gen - 20QD
Hardware solutions / Firmware

ThinkPad X1 Carbon 7th Gen - 20QE
Hardware solutions / Firmware

ThinkPad X1 Carbon 7th Gen - 20R1
Hardware solutions / Firmware

ThinkPad X1 Carbon 7th Gen - 20R2
Hardware solutions / Firmware

ThinkPad X1 Carbon 8th Gen - 20U9
Hardware solutions / Firmware

ThinkPad X1 Carbon 8th Gen - 20UA
Hardware solutions / Firmware

ThinkPad X1 Carbon 9th Gen 20XW
Hardware solutions / Firmware

ThinkPad X1 Carbon 9th Gen 20XX
Hardware solutions / Firmware

ThinkPad X1 Extreme 3rd Gen 20TK
Hardware solutions / Firmware

ThinkPad X1 Extreme 3rd Gen 20TL
Hardware solutions / Firmware

ThinkPad X1 Extreme 4th Gen 20Y5
Hardware solutions / Firmware

ThinkPad X1 Extreme 4th Gen 20Y6
Hardware solutions / Firmware

ThinkPad X1 Extreme Gen 5 21DE
Hardware solutions / Firmware

ThinkPad X1 Extreme Gen 5 21DF
Hardware solutions / Firmware

ThinkPad X1 Nano Gen 1 20UN 20UQ
Hardware solutions / Firmware

ThinkPad X1 Nano Gen 2 21E8 21E9
Hardware solutions / Firmware

ThinkPad X1 Titanium 20QA
Hardware solutions / Firmware

ThinkPad X1 Titanium 20QB
Hardware solutions / Firmware

ThinkPad X1 Yoga 4th Gen 20QF
Hardware solutions / Firmware

ThinkPad X1 Yoga 4th Gen 20QG
Hardware solutions / Firmware

ThinkPad X1 Yoga 4th Gen 20SA
Hardware solutions / Firmware

ThinkPad X1 Yoga 4th Gen 20SB
Hardware solutions / Firmware

ThinkPad X1 Yoga 5th Gen 20UB
Hardware solutions / Firmware

ThinkPad X1 Yoga 5th Gen 20UC
Hardware solutions / Firmware

ThinkPad X1 Yoga 6th Gen 20XY
Hardware solutions / Firmware

ThinkPad X1 Yoga 6th Gen 20Y0
Hardware solutions / Firmware

ThinkPad X1 Yoga 7th Gen 21CD
Hardware solutions / Firmware

ThinkPad X1 Yoga 7th Gen 21CE
Hardware solutions / Firmware

ThinkPad X13 20T2
Hardware solutions / Firmware

ThinkPad X13 20T3
Hardware solutions / Firmware

ThinkPad X13 Gen 2 20WK
Hardware solutions / Firmware

ThinkPad X13 Gen 2 20WL
Hardware solutions / Firmware

ThinkPad X13 Yoga Gen 1
Hardware solutions / Firmware

ThinkPad X13 Yoga Gen 2 20W8
Hardware solutions / Firmware

ThinkPad X13 Yoga Gen 2 20W9
Hardware solutions / Firmware

ThinkPad X260
Hardware solutions / Firmware

ThinkPad 25 20K7
Hardware solutions / Firmware

ThinkPad L560
Hardware solutions / Firmware

ThinkPad P50
Hardware solutions / Firmware

ThinkPad P50s
Hardware solutions / Firmware

ThinkPad P70
Hardware solutions / Firmware

ThinkPad T470 20HD
Hardware solutions / Firmware

ThinkPad T470 20HE
Hardware solutions / Firmware

ThinkPad T470 20JM
Hardware solutions / Firmware

ThinkPad T470 20JN
Hardware solutions / Firmware

ThinkPad T470s 20HF
Hardware solutions / Firmware

ThinkPad T470s 20HG
Hardware solutions / Firmware

ThinkPad T470s 20JS
Hardware solutions / Firmware

ThinkPad T470s 20JT
Hardware solutions / Firmware

ThinkPad T560
Hardware solutions / Firmware

ThinkPad X1 Carbon 4th Gen 20FB
Hardware solutions / Firmware

ThinkPad X1 Carbon 4th Gen 20FC
Hardware solutions / Firmware

ThinkPad X1 Yoga 1st Gen 20FQ
Hardware solutions / Firmware

ThinkPad X1 Yoga 1st Gen 20FR
Hardware solutions / Firmware

ThinkPad X270 20HN
Hardware solutions / Firmware

ThinkPad X270 20HM
Hardware solutions / Firmware

ThinkPad X270 20K6
Hardware solutions / Firmware

ThinkPad X270 20K5
Hardware solutions / Firmware

ThinkPad Yoga 260
Hardware solutions / Firmware

ThinkPad L13 Gen 2 20VH s
Hardware solutions / Firmware

ThinkPad L13 Gen 2 20VJ s
Hardware solutions / Firmware

ThinkPad L13 Gen 3 21B3
Hardware solutions / Firmware

ThinkPad L13 Gen 3 21B4
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 2 20VL s
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 2 20VK s
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 3 21B5
Hardware solutions / Firmware

ThinkPad L13 Yoga Gen 3 21B6
Hardware solutions / Firmware

ThinkPad L14 Gen 3 21C1 s
Hardware solutions / Firmware

ThinkPad L14 Gen 3 21C2 s
Hardware solutions / Firmware

ThinkPad L15 Gen 3 21C3 s
Hardware solutions / Firmware

ThinkPad L15 Gen 3 21C4 s
Hardware solutions / Firmware

ThinkPad P15v Gen 3 21EN 21EM
Hardware solutions / Firmware

ThinkPad P43s 20RH
Hardware solutions / Firmware

ThinkPad P43s 20RJ
Hardware solutions / Firmware

ThinkPad P53s 20N6
Hardware solutions / Firmware

ThinkPad P53s 20N7
Hardware solutions / Firmware

ThinkPad T490 20N2
Hardware solutions / Firmware

ThinkPad T490 20N3
Hardware solutions / Firmware

ThinkPad T490 20RY
Hardware solutions / Firmware

ThinkPad T490 20RX
Hardware solutions / Firmware

ThinkPad T490 Type 20Q9
Hardware solutions / Firmware

20QH
Hardware solutions / Firmware

ThinkPad T590 20N4
Hardware solutions / Firmware

ThinkPad T590 20N5
Hardware solutions / Firmware

ThinkPad S2 Gen 6 Type 20VM China Only
Hardware solutions / Firmware

ThinkPad S2 Yoga Gen 6 Type 20VN China Only
Hardware solutions / Firmware

ThinkPad X13 Yoga Gen 3 21AW
Hardware solutions / Firmware

ThinkPad X13 Yoga Gen 3 21AX
Hardware solutions / Firmware

ThinkPad Z13 Gen 1 21D2
Hardware solutions / Firmware

ThinkPad Z13 Gen 1 21D3
Hardware solutions / Firmware

ThinkPad Z16 Gen 1 21D4
Hardware solutions / Firmware

ThinkPad Z16 Gen 1 21D5
Hardware solutions / Firmware

ThinkPad E14 20RA
Hardware solutions / Firmware

ThinkPad E14 20RB
Hardware solutions / Firmware

ThinkPad E14 Gen 2 20TA
Hardware solutions / Firmware

ThinkPad E14 Gen 2 20TB
Hardware solutions / Firmware

ThinkPad E14 Gen 4 21E3 s
Hardware solutions / Firmware

ThinkPad E14 Gen 4 21E4 s
Hardware solutions / Firmware

ThinkPad E15 20RD
Hardware solutions / Firmware

ThinkPad E15 20RE
Hardware solutions / Firmware

ThinkPad E15 Gen 2 20TD
Hardware solutions / Firmware

ThinkPad E15 Gen 2 20TE
Hardware solutions / Firmware

ThinkPad E15 Gen 4 21E6 21E7 s
Hardware solutions / Firmware

ThinkPad E490 20N8
Hardware solutions / Firmware

ThinkPad E490 20N9
Hardware solutions / Firmware

ThinkPad E490s 20NG
Hardware solutions / Firmware

ThinkPad E590 20NB
Hardware solutions / Firmware

ThinkPad E590 20NC
Hardware solutions / Firmware

ThinkPad L490 20Q5 s
Hardware solutions / Firmware

ThinkPad L490 20Q6 s
Hardware solutions / Firmware

ThinkPad L590 20Q7 s
Hardware solutions / Firmware

ThinkPad L590 20Q8 s
Hardware solutions / Firmware

ThinkPad P1 Gen 2 20QT
Hardware solutions / Firmware

ThinkPad P1 Gen 2 20QU
Hardware solutions / Firmware

ThinkPad P53 20QN
Hardware solutions / Firmware

ThinkPad P53 20QQ
Hardware solutions / Firmware

ThinkPad P73 20QR
Hardware solutions / Firmware

ThinkPad P73 20QS
Hardware solutions / Firmware

ThinkPad T490s 20NX
Hardware solutions / Firmware

ThinkPad T490s 20NY
Hardware solutions / Firmware

ThinkPad R14 Gen 2 Type 20TC PRC
Hardware solutions / Firmware

ThinkPad R14 Gen 4 Types 21E5 PRC only
Hardware solutions / Firmware

ThinkPad S3 2nd Gen type 20RG China only
Hardware solutions / Firmware

ThinkPad X1 Extreme 2nd Gen 20QV
Hardware solutions / Firmware

ThinkPad X1 Extreme 2nd Gen 20QW
Hardware solutions / Firmware

ThinkPad X12 Detachable Gen 1 20UW
Hardware solutions / Firmware

ThinkPad X12 Detachable Gen 1 20UV
Hardware solutions / Firmware

ThinkPad X390 20Q0
Hardware solutions / Firmware

ThinkPad X390 20Q1
Hardware solutions / Firmware

ThinkPad X390 20SC
Hardware solutions / Firmware

ThinkPad X390 20SD
Hardware solutions / Firmware

ThinkPad X390 Yoga
Hardware solutions / Firmware

Vendor Lenovo

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU73729

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3728

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the BIOS tamper detection mechanism. A local user can bypass implemented security restrictions and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ThinkPad T14s Gen 3 21CQ 21CR: before R22ET55W

ThinkPad X13 Gen 3 21CM 21CN: before R22ET55W

External links

http://support.lenovo.com/us/en/product_security/LEN-106014


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security features bypass

EUVDB-ID: #VU73730

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48182

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the BIOS tamper detection mechanism. A local user can bypass implemented security restrictions and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ThinkPad T14s Gen 3 21BR 21BS: All versions

ThinkPad X13 Gen 3 21BN 21BQ: All versions

ThinkPad T14s Gen 3 21CQ 21CR: before R22ET60W

ThinkPad X13 Gen 3 21CM 21CN: before R22ET60W

External links

http://support.lenovo.com/us/en/product_security/LEN-106014


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security features bypass

EUVDB-ID: #VU73731

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48183

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the BIOS tamper detection mechanism. A local user can bypass implemented security restrictions and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ThinkPad T14s Gen 3 21BR 21BS: All versions

ThinkPad X13 Gen 3 21BN 21BQ: All versions

ThinkPad T14s Gen 3 21CQ 21CR: before R22ET60W

ThinkPad X13 Gen 3 21CM 21CN: before R22ET60W

External links

http://support.lenovo.com/us/en/product_security/LEN-106014


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU73732

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-4573

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the SMI handler. A local user can execute arbitrary code on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

ThinkPad X1 Fold Gen 1 20RK: All versions

ThinkPad X1 Fold Gen 1 20RL: All versions

External links

http://support.lenovo.com/us/en/product_security/LEN-106014


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU73733

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4574

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the SMI handler. A local user can execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

20TQ: All versions

ThinkPad P14s Gen 1 20S4: All versions

ThinkPad P14s Gen 1 20S5: All versions

ThinkPad P14s Gen 2 20VX: All versions

ThinkPad P14s Gen 2 20VY: All versions

ThinkPad P15s Gen 1 20T4 20T5: All versions

ThinkPad P15s Gen 2 20W6: All versions

ThinkPad P15s Gen 2 20W7: All versions

ThinkPad P15v Gen 3 21D8 21D9: All versions

ThinkPad T14 Gen 1 20S0: All versions

ThinkPad T14 Gen 1 20S1: All versions

ThinkPad T14 Gen 1 20S2: All versions

ThinkPad T14 Gen 1 20S3: All versions

ThinkPad T14 Gen 2 20W0: All versions

ThinkPad T14 Gen 2 20W1: All versions

ThinkPad T15 20S6: All versions

ThinkPad T15 20S7: All versions

ThinkPad T15 Gen 2 20W4: All versions

ThinkPad T15 Gen 2 20W5: All versions

ThinkPad T15p Gen 3 21DA 21DB: All versions

ThinkPad X1 Fold Gen 1 20RK: All versions

ThinkPad X1 Fold Gen 1 20RL: All versions

ThinkPad L14 20U1 s: before R17UJ16W.EXE(R17ET36W)

ThinkPad L14 20U2 s: before R17UJ16W.EXE(R17ET36W)

ThinkPad L14 Gen 2 Type 20X1 20X2 s: before R1JET61W

ThinkPad L15 20U3: before R17UJ16W.EXE(R17ET36W)

ThinkPad L15 20U4: before R17UJ16W.EXE(R17ET36W)

ThinkPad L15 Gen 2 Type 20X3 20X4: before R1JET61W

ThinkPad P1 Gen 3 20TH: before N2VET41W

ThinkPad P1 Gen 3 20TJ: before N2VET41W

ThinkPad P1 Gen 4 20Y3: before N40ET39W

ThinkPad P1 Gen 4 20Y4: before N40ET39W

ThinkPad P1 Gen 5 21DC 21DD: before N3JET27W

ThinkPad P14s Gen 3 21AK: before N3BUJ09W (N3BET53W)

ThinkPad P14s Gen 3 21AL: before N3BUJ09W (N3BET53W)

ThinkPad P15 Gen 1 20ST: before N30UJ16W (N30ET49W)

ThinkPad P15 Gen 1 20SU: before N30UJ16W (N30ET49W)

ThinkPad P15 Gen 2 20YQ s: before N37UJ12W (N37ET44W)

ThinkPad P15 Gen 2 20YR s: before N37UJ12W (N37ET44W)

ThinkPad P15v Gen 1 type 20TR: before N30UJ16W (N30ET49W)

ThinkPad P15v Gen 2 21A9 s: before N38UJ08W (N38ET36W)

ThinkPad P15v Gen 2 21AA s: before N38UJ08W (N38ET36W)

ThinkPad P16 Gen 1 21D6: before N3FUJ07W (N3FET32W)

ThinkPad P16 Gen 1 21D7: before N3FUJ07W (N3FET32W)

ThinkPad P16s Gen 1 21BT: before N3BUJ09W (N3BET53W)

ThinkPad P16s Gen 1 21BU: before N3BUJ09W (N3BET53W)

ThinkPad P17 Gen 1 20SN: before N30UJ16W (N30ET49W)

ThinkPad P17 Gen 1 20SQ: before N30UJ16W (N30ET49W)

ThinkPad P17 Gen 2 20YU s: before N37UJ12W (N37ET44W)

ThinkPad P17 Gen 2 20YV s: before N37UJ12W (N37ET44W)

ThinkPad T14 Gen 3 21AH: before N3BUJ09W (N3BET53W)

ThinkPad T14 Gen 3 21AJ: before N3BUJ09W (N3BET53W)

ThinkPad T14s 20T0: before N2YET37W

ThinkPad T14s 20T1: before N2YET37W

ThinkPad T14s Gen 2 20WM: before N35UJ14W (N35ET52W)

ThinkPad T14s Gen 2 20WN: before N35UJ14W (N35ET52W)

ThinkPad T14s Gen 3 21BR 21BS: before N3CUR07W (N3CET52W)

ThinkPad T15g Gen 1 20UR 20US: before N30UJ16W (N30ET49W)

ThinkPad T15g Gen 2 20YS: before N37UJ12W (N37ET44W)

ThinkPad T15g Gen 2 20YT: before N37UJ12W (N37ET44W)

ThinkPad T15p Gen 1 20TN 20TM: before N30UJ16W (N30ET49W)

ThinkPad T15p Gen 2 21A7: before N38UJ08W (N38ET36W)

ThinkPad T15p Gen 2 21A8: before N38UJ08W (N38ET36W)

ThinkPad T16 Gen 1 21BV: before N3BUJ09W (N3BET53W)

ThinkPad T16 Gen 1 21BW: before N3BUJ09W (N3BET53W)

ThinkPad X1 Carbon 10th Gen 21CB: before N3AUJ13W.exe (N3AET66W)

ThinkPad X1 Carbon 10th Gen 21CC: before N3AUJ13W.exe (N3AET66W)

ThinkPad X1 Carbon 7th Gen - 20QD: before N2HUJ48W.exe (N2QET50W)

ThinkPad X1 Carbon 7th Gen - 20QE: before N2HUJ48W.exe (N2QET50W)

ThinkPad X1 Carbon 7th Gen - 20R1: before N2HUJ48W.exe (N2QET50W)

ThinkPad X1 Carbon 7th Gen - 20R2: before N2HUJ48W.exe (N2QET50W)

ThinkPad X1 Carbon 8th Gen - 20U9: before N2WUJ26W (N2WET40W)

ThinkPad X1 Carbon 8th Gen - 20UA: before N2WUJ26W (N2WET40W)

ThinkPad X1 Carbon 9th Gen 20XW: before N32UJ19W.exe (N32ET81W)

ThinkPad X1 Carbon 9th Gen 20XX: before N32UJ19W.exe (N32ET81W)

ThinkPad X1 Extreme 3rd Gen 20TK: before N2VET41W

ThinkPad X1 Extreme 3rd Gen 20TL: before N2VET41W

ThinkPad X1 Extreme 4th Gen 20Y5: before N40ET39W

ThinkPad X1 Extreme 4th Gen 20Y6: before N40ET39W

ThinkPad X1 Extreme Gen 5 21DE: before N3JET27W

ThinkPad X1 Extreme Gen 5 21DF: before N3JET27W

ThinkPad X1 Nano Gen 1 20UN 20UQ: before N2TUJ20W.exe (N2TET76W)

ThinkPad X1 Nano Gen 2 21E8 21E9: before N3IET36W

ThinkPad X1 Titanium 20QA: before N2MUJ15W.exe (N2MET58W)

ThinkPad X1 Titanium 20QB: before N2MUJ15W.exe (N2MET58W)

ThinkPad X1 Yoga 4th Gen 20QF: before N2HUJ48W.exe (N2QET50W)

ThinkPad X1 Yoga 4th Gen 20QG: before N2HUJ48W.exe (N2QET50W)

ThinkPad X1 Yoga 4th Gen 20SA: before N2HUJ48W.exe (N2QET50W)

ThinkPad X1 Yoga 4th Gen 20SB: before N2HUJ48W.exe (N2QET50W)

ThinkPad X1 Yoga 5th Gen 20UB: before N2WUJ26W (N2WET40W)

ThinkPad X1 Yoga 5th Gen 20UC: before N2WUJ26W (N2WET40W)

ThinkPad X1 Yoga 6th Gen 20XY: before N32UJ19W.exe (N32ET81W)

ThinkPad X1 Yoga 6th Gen 20Y0: before N32UJ19W.exe (N32ET81W)

ThinkPad X1 Yoga 7th Gen 21CD: before N3AUJ13W.exe (N3AET66W)

ThinkPad X1 Yoga 7th Gen 21CE: before N3AUJ13W.exe (N3AET66W)

ThinkPad X13 20T2: before N2YET37W

ThinkPad X13 20T3: before N2YET37W

ThinkPad X13 Gen 2 20WK: before N35UJ14W (N35ET52W)

ThinkPad X13 Gen 2 20WL: before N35UJ14W (N35ET52W)

ThinkPad X13 Gen 3 21BN 21BQ: before N3CUR07W (N3CET52W)

ThinkPad X13 Yoga Gen 1: before N2UET64W

ThinkPad X13 Yoga Gen 2 20W8: before N39ET60W

ThinkPad X13 Yoga Gen 2 20W9: before N39ET60W

External links

http://support.lenovo.com/us/en/product_security/LEN-106014


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security features bypass

EUVDB-ID: #VU73734

Risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4575

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to improper write protection of UEFI variables. An attacker with physical access to the device can bypass the Secure Boot mechanism and compromise the affected system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ThinkPad X260: All versions

ThinkPad 25 20K7: before N1QET98W

ThinkPad L560: before N1HUJ45W.exe(N1HET98W)

ThinkPad P50: before N1EET98W

ThinkPad P50s: before N1KUJ35W.exe(N1KET58W)

ThinkPad P70: before N1DETB9W

ThinkPad T470 20HD: before N1QET98W

ThinkPad T470 20HE: before N1QET98W

ThinkPad T470 20JM: before N1QET98W

ThinkPad T470 20JN: before N1QET98W

ThinkPad T470s 20HF: before N1WET70W

ThinkPad T470s 20HG: before N1WET70W

ThinkPad T470s 20JS: before N1WET70W

ThinkPad T470s 20JT: before N1WET70W

ThinkPad T560: before N1KUJ35W.exe(N1KET58W)

ThinkPad X1 Carbon 4th Gen 20FB: before N1FUJ49W.exe(N1FET82W)

ThinkPad X1 Carbon 4th Gen 20FC: before N1FUJ49W.exe(N1FET82W)

ThinkPad X1 Yoga 1st Gen 20FQ: before N1FUJ49W.exe(N1FET82W)

ThinkPad X1 Yoga 1st Gen 20FR: before N1FUJ49W.exe(N1FET82W)

ThinkPad X270 20HN: before R0IET69W

ThinkPad X270 20HM: before R0IET69W

ThinkPad X270 20K6: before R0IET69W

ThinkPad X270 20K5: before R0IET69W

ThinkPad Yoga 260: before N1GUJ43W.exe (N1GETA9W)

External links

http://support.lenovo.com/us/en/product_security/LEN-106014


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU73735

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48189

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the SMM driver. A local user can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

20TQ: All versions

ThinkPad L13 Gen 2 20VH s: All versions

ThinkPad L13 Gen 2 20VJ s: All versions

ThinkPad L13 Gen 3 21B3: All versions

ThinkPad L13 Gen 3 21B4: All versions

ThinkPad L13 Yoga Gen 2 20VL s: All versions

ThinkPad L13 Yoga Gen 2 20VK s: All versions

ThinkPad L13 Yoga Gen 3 21B5: All versions

ThinkPad L13 Yoga Gen 3 21B6: All versions

ThinkPad L14 Gen 3 21C1 s: All versions

ThinkPad L14 Gen 3 21C2 s: All versions

ThinkPad L15 Gen 3 21C3 s: All versions

ThinkPad L15 Gen 3 21C4 s: All versions

ThinkPad P1 Gen 4 20Y3: All versions

ThinkPad P1 Gen 4 20Y4: All versions

ThinkPad P14s Gen 1 20S4: All versions

ThinkPad P14s Gen 1 20S5: All versions

ThinkPad P14s Gen 2 20VX: All versions

ThinkPad P14s Gen 2 20VY: All versions

ThinkPad P15s Gen 1 20T4 20T5: All versions

ThinkPad P15s Gen 2 20W6: All versions

ThinkPad P15s Gen 2 20W7: All versions

ThinkPad P15v Gen 3 21D8 21D9: All versions

ThinkPad P15v Gen 3 21EN 21EM: All versions

ThinkPad P43s 20RH: All versions

ThinkPad P43s 20RJ: All versions

ThinkPad P53s 20N6: All versions

ThinkPad P53s 20N7: All versions

ThinkPad T14 Gen 1 20S0: All versions

ThinkPad T14 Gen 1 20S1: All versions

ThinkPad T14 Gen 1 20S2: All versions

ThinkPad T14 Gen 1 20S3: All versions

ThinkPad T14 Gen 2 20W0: All versions

ThinkPad T14 Gen 2 20W1: All versions

ThinkPad T15 20S6: All versions

ThinkPad T15 20S7: All versions

ThinkPad T15 Gen 2 20W4: All versions

ThinkPad T15 Gen 2 20W5: All versions

ThinkPad T15p Gen 3 21DA 21DB: All versions

ThinkPad T490 20N2: All versions

ThinkPad T490 20N3: All versions

ThinkPad T490 20RY: All versions

ThinkPad T490 20RX: All versions

ThinkPad T490 Type 20Q9: All versions

20QH: All versions

ThinkPad T590 20N4: All versions

ThinkPad T590 20N5: All versions

ThinkPad S2 Gen 6 Type 20VM China Only: All versions

ThinkPad S2 Yoga Gen 6 Type 20VN China Only: All versions

ThinkPad X1 Extreme 4th Gen 20Y5: All versions

ThinkPad X1 Extreme 4th Gen 20Y6: All versions

ThinkPad X1 Fold Gen 1 20RK: All versions

ThinkPad X1 Fold Gen 1 20RL: All versions

ThinkPad X13 Yoga Gen 3 21AW: All versions

ThinkPad X13 Yoga Gen 3 21AX: All versions

ThinkPad Z13 Gen 1 21D2: All versions

ThinkPad Z13 Gen 1 21D3: All versions

ThinkPad Z16 Gen 1 21D4: All versions

ThinkPad Z16 Gen 1 21D5: All versions

ThinkPad E14 20RA: before R16UJ20W.EXE(R16ET37W)

ThinkPad E14 20RB: before R16UJ20W.EXE(R16ET37W)

ThinkPad E14 Gen 2 20TA: before R1EET55W

ThinkPad E14 Gen 2 20TB: before R1EET55W

ThinkPad E14 Gen 4 21E3 s: before R1SET46W

ThinkPad E14 Gen 4 21E4 s: before R1SET46W

ThinkPad E15 20RD: before R16UJ20W.EXE(R16ET37W)

ThinkPad E15 20RE: before R16UJ20W.EXE(R16ET37W)

ThinkPad E15 Gen 2 20TD: before R1EET55W

ThinkPad E15 Gen 2 20TE: before R1EET55W

ThinkPad E15 Gen 4 21E6 21E7 s: before R1SET46W

ThinkPad E490 20N8: before R0YET51W

ThinkPad E490 20N9: before R0YET51W

ThinkPad E490s 20NG: before R0YET51W

ThinkPad E590 20NB: before R0YET51W

ThinkPad E590 20NC: before R0YET51W

ThinkPad L14 20U1 s: before R17UJ16W.EXE(R17ET36W)

ThinkPad L14 20U2 s: before R17UJ16W.EXE(R17ET36W)

ThinkPad L14 Gen 2 Type 20X1 20X2 s: before R1JET61W

ThinkPad L15 20U3: before R17UJ16W.EXE(R17ET36W)

ThinkPad L15 20U4: before R17UJ16W.EXE(R17ET36W)

ThinkPad L15 Gen 2 Type 20X3 20X4: before R1JET61W

ThinkPad L490 20Q5 s: before R0ZET54W

ThinkPad L490 20Q6 s: before R0ZET54W

ThinkPad L590 20Q7 s: before R0ZET54W

ThinkPad L590 20Q8 s: before R0ZET54W

ThinkPad P1 Gen 2 20QT: before N2OUJ28W.exe(N2OET59W)

ThinkPad P1 Gen 2 20QU: before N2OUJ28W.exe(N2OET59W)

ThinkPad P1 Gen 3 20TH: before N2VUJ23W.exe(N2VET42W)

ThinkPad P1 Gen 3 20TJ: before N2VUJ23W.exe(N2VET42W)

ThinkPad P1 Gen 5 21DC 21DD: before N3JUJ09W.exe(N3JET30W)

ThinkPad P14s Gen 3 21AK: before N3BUJ09W/N3BUJ09W (N3BET53W/N3MET12W)

ThinkPad P14s Gen 3 21AL: before N3BUJ09W/N3BUJ09W (N3BET53W/N3MET12W)

ThinkPad P15 Gen 1 20ST: before N30UJ16W (N30ET49W)

ThinkPad P15 Gen 1 20SU: before N30UJ16W (N30ET49W)

ThinkPad P15 Gen 2 20YQ s: before N37UJ12W (N37ET44W)

ThinkPad P15 Gen 2 20YR s: before N37UJ12W (N37ET44W)

ThinkPad P15v Gen 1 type 20TR: before N30UJ16W (N30ET49W)

ThinkPad P15v Gen 2 21A9 s: before N38UJ09W (N38ET37W)

ThinkPad P15v Gen 2 21AA s: before N38UJ09W (N38ET37W)

ThinkPad P16 Gen 1 21D6: before N3FUJ07W (N3FET32W)

ThinkPad P16 Gen 1 21D7: before N3FUJ07W (N3FET32W)

ThinkPad P16s Gen 1 21BT: before N3BUJ09W/N3BUJ09W (N3BET53W/N3MET12W)

ThinkPad P16s Gen 1 21BU: before N3BUJ09W/N3BUJ09W (N3BET53W/N3MET12W)

ThinkPad P17 Gen 1 20SN: before N30UJ16W (N30ET49W)

ThinkPad P17 Gen 1 20SQ: before N30UJ16W (N30ET49W)

ThinkPad P17 Gen 2 20YU s: before N37UJ12W (N37ET44W)

ThinkPad P17 Gen 2 20YV s: before N37UJ12W (N37ET44W)

ThinkPad P53 20QN: before N2NUJ24W (N2NET55W)

ThinkPad P53 20QQ: before N2NUJ24W (N2NET55W)

ThinkPad P73 20QR: before N2NUJ24W (N2NET55W)

ThinkPad P73 20QS: before N2NUJ24W (N2NET55W)

ThinkPad T14 Gen 3 21AH: before N3BUJ09W/N3BUJ09W (N3BET53W/N3MET12W)

ThinkPad T14 Gen 3 21AJ: before N3BUJ09W/N3BUJ09W (N3BET53W/N3MET12W)

ThinkPad T14s 20T0: before N2YET37W

ThinkPad T14s 20T1: before N2YET37W

ThinkPad T14s Gen 2 20WM: before N35UJ13W (N35ET51W)

ThinkPad T14s Gen 2 20WN: before N35UJ13W (N35ET51W)

ThinkPad T14s Gen 3 21BR 21BS: before N3CUR07W (N3CET52W)

ThinkPad T15g Gen 1 20UR 20US: before N30UJ16W (N30ET49W)

ThinkPad T15g Gen 2 20YS: before N37UJ12W (N37ET44W)

ThinkPad T15g Gen 2 20YT: before N37UJ12W (N37ET44W)

ThinkPad T15p Gen 1 20TN 20TM: before N30UJ16W (N30ET49W)

ThinkPad T15p Gen 2 21A7: before N38UJ09W (N38ET37W)

ThinkPad T15p Gen 2 21A8: before N38UJ09W (N38ET37W)

ThinkPad T16 Gen 1 21BV: before N3BUJ09W/N3BUJ09W (N3BET53W/N3MET12W)

ThinkPad T16 Gen 1 21BW: before N3BUJ09W/N3BUJ09W (N3BET53W/N3MET12W)

ThinkPad T490s 20NX: before N2JUJ38W (N2JETA1W)

ThinkPad T490s 20NY: before N2JUJ38W (N2JETA1W)

ThinkPad R14 Gen 2 Type 20TC PRC: before R1EET55W

ThinkPad R14 Gen 4 Types 21E5 PRC only: before R1SET46W

ThinkPad S3 2nd Gen type 20RG China only: before R16UJ20W.EXE(R16ET37W)

ThinkPad X1 Carbon 10th Gen 21CB: before N3AUJ17W.exe (N3AET71W)

ThinkPad X1 Carbon 10th Gen 21CC: before N3AUJ17W.exe (N3AET71W)

ThinkPad X1 Carbon 7th Gen - 20QD: before N2HUJ49W.exe (N2HET73W)

ThinkPad X1 Carbon 7th Gen - 20QE: before N2HUJ49W.exe (N2HET73W)

ThinkPad X1 Carbon 7th Gen - 20R1: before N2HUJ49W.exe (N2HET73W)

ThinkPad X1 Carbon 7th Gen - 20R2: before N2HUJ49W.exe (N2HET73W)

ThinkPad X1 Carbon 8th Gen - 20U9: before N2WUJ26W (N2WET40W)

ThinkPad X1 Carbon 8th Gen - 20UA: before N2WUJ26W (N2WET40W)

ThinkPad X1 Carbon 9th Gen 20XW: before N32UJ20W.exe (N32ET82W)

ThinkPad X1 Carbon 9th Gen 20XX: before N32UJ20W.exe (N32ET82W)

ThinkPad X1 Extreme 2nd Gen 20QV: before N2OUJ28W.exe(N2OET59W)

ThinkPad X1 Extreme 2nd Gen 20QW: before N2OUJ28W.exe(N2OET59W)

ThinkPad X1 Extreme 3rd Gen 20TK: before N2VUJ23W.exe(N2VET42W)

ThinkPad X1 Extreme 3rd Gen 20TL: before N2VUJ23W.exe(N2VET42W)

ThinkPad X1 Extreme Gen 5 21DE: before N3JUJ09W.exe(N3JET30W)

ThinkPad X1 Extreme Gen 5 21DF: before N3JUJ09W.exe(N3JET30W)

ThinkPad X1 Nano Gen 1 20UN 20UQ: before N2TUJ20W.exe (N2TET77W)

ThinkPad X1 Nano Gen 2 21E8 21E9: before N3IUJ10W.exe(N3IET38W)

ThinkPad X1 Titanium 20QA: before N2MUJ16W (N2MET59W)

ThinkPad X1 Titanium 20QB: before N2MUJ16W (N2MET59W)

ThinkPad X1 Yoga 4th Gen 20QF: before N2HUJ49W.exe (N2HET73W)

ThinkPad X1 Yoga 4th Gen 20QG: before N2HUJ49W.exe (N2HET73W)

ThinkPad X1 Yoga 4th Gen 20SA: before N2HUJ49W.exe (N2HET73W)

ThinkPad X1 Yoga 4th Gen 20SB: before N2HUJ49W.exe (N2HET73W)

ThinkPad X1 Yoga 5th Gen 20UB: before N2WUJ26W (N2WET40W)

ThinkPad X1 Yoga 5th Gen 20UC: before N2WUJ26W (N2WET40W)

ThinkPad X1 Yoga 6th Gen 20XY: before N32UJ20W.exe (N32ET82W)

ThinkPad X1 Yoga 6th Gen 20Y0: before N32UJ20W.exe (N32ET82W)

ThinkPad X1 Yoga 7th Gen 21CD: before N3AUJ17W.exe (N3AET71W)

ThinkPad X1 Yoga 7th Gen 21CE: before N3AUJ17W.exe (N3AET71W)

ThinkPad X12 Detachable Gen 1 20UW: before R1GUJ15W.exe(R1GET53W)

ThinkPad X12 Detachable Gen 1 20UV: before R1GUJ15W.exe(R1GET53W)

ThinkPad X13 20T2: before N2YET37W

ThinkPad X13 20T3: before N2YET37W

ThinkPad X13 Gen 2 20WK: before N35UJ13W (N35ET51W)

ThinkPad X13 Gen 2 20WL: before N35UJ13W (N35ET51W)

ThinkPad X13 Gen 3 21BN 21BQ: before N3CUR07W (N3CET52W)

ThinkPad X13 Yoga Gen 1: before N2UUJ26W.exe(N2UET65W)

ThinkPad X13 Yoga Gen 2 20W8: before N39UJ18W.exe(N39ET61W)

ThinkPad X13 Yoga Gen 2 20W9: before N39UJ18W.exe(N39ET61W)

ThinkPad X390 20Q0: before N2JUJ38W (N2JETA1W)

ThinkPad X390 20Q1: before N2JUJ38W (N2JETA1W)

ThinkPad X390 20SC: before N2JUJ38W (N2JETA1W)

ThinkPad X390 20SD: before N2JUJ38W (N2JETA1W)

ThinkPad X390 Yoga: before N2LUJ32W.exe(N2LET95W)

External links

http://support.lenovo.com/us/en/product_security/LEN-106014


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


