Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU104107
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36291
CWE-ID: CWE-426 - Untrusted Search Path
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Intel Chipset Device Software for Windows 11 (Version 21H2 or later) - ThinkPad X1 Fold 16 Gen 1 (Type 21ES, 21ET): All versions
Intel Chipset Device Software for Windows 11 (Version 21H2 or later), 10 (Version 1809 or Later) - ThinkPad: All versions
Intel Chipset Device for Windows 11 (Version 22H2 or later), 10 (Version 21H2 or later) - ThinkPad P16v Gen 2 (Type 21KX, 21KY): All versions
ThinkEdge SE30: All versions
ThinkSmart Hub Zoom: All versions
ThinkSmart Hub Teams: All versions
ThinkCentre M90n-1: All versions
ThinkPad P16v Gen 2 21KY: All versions
ThinkPad P16v Gen 2 21KX: All versions
ThinkPad P15s Gen 1 20T5: All versions
ThinkPad P15s Gen 1 20T4: All versions
ThinkStation P3 Ultra Workstation: All versions
ThinkPad X13 20T3: All versions
ThinkPad X13 20T2: All versions
ThinkPad X1 Fold 16 Gen 1 21ET: All versions
ThinkPad X1 Fold 16 Gen 1 21ES: All versions
ThinkPad T14s 20T1: All versions
ThinkPad T14s 20T0: All versions
ThinkSmart Core IP Controller Kit & Bar 180: All versions
ThinkSmart Core Device: Zoom Rooms: All versions
ThinkSmart Core Device: Basic: All versions
ThinkSmart Core Device for Poly: All versions
ThinkSmart Core Device for Logitech: All versions
ThinkSmart Core Controller Kit & Bar 180: All versions
ThinkSmart Core & ThinkSmart Controller Kit: Zoom Rooms: All versions
ThinkSmart Core & ThinkSmart Controller Kit: Microsoft Teams Rooms: All versions
ThinkSmart Core & ThinkSmart Controller Full Room Kit: Zoom Rooms: All versions
ThinkSmart Core & ThinkSmart Controller Full Room Kit: Microsoft Teams Rooms: All versions
ThinkSmart Core & IP Controller Kit: Zoom Rooms: All versions
ThinkSmart Core & IP Controller Kit: Microsoft Teams Rooms/Zoom Rooms: All versions
ThinkSmart Core & IP Controller Kit: Microsoft Teams Rooms: All versions
ThinkSmart Core & IP Controller Full Room Kit: Zoom Rooms: All versions
ThinkSmart Core & IP Controller Full Room Kit: Microsoft Teams Rooms: All versions
ThinkPad T15 20S7: All versions
ThinkPad T15 20S6: All versions
ThinkPad T14 Gen 1 20S3: All versions
ThinkPad T14 Gen 1 20S2: All versions
ThinkPad T14 Gen 1 20S1: All versions
ThinkPad T14 Gen 1 20S0: All versions
ThinkPad P14s Gen 1 20S5: All versions
ThinkPad P14s Gen 1 20S4: All versions
Intel Chipset Driver for Windows 10 (Version 22H2), 11 (Version 22H2 or Later) - ThinkStation P3 Ultra: before 10.1.19600.8418
Intel Chipset Driver for Windows 10 IoT (64-bit) , Windows 11 IoT (64-bit) - ThinkSmart Hub Teams, ThinkSmart Hub Zoom: before 10.1.24.6
Intel Chipset Driver for Windows IoT 11 (64-bit) - ThinkSmart Core: before 10.1.24.6
Intel Chipset Driver for Windows IoT 10 (64-bit) - ThinkSmart Hub Zoom: before 10.1.24.6
Intel Chipset Driver for Windows 10 IoT (64-bit), Windows 11 IoT 64bit - ThinkSmart Core: before 10.1.24.6
Intel Chipset Driver for Windows IoT 10 (64-bit) - ThinkSmart Hub Teams: before 10.1.24.6
Intel Chipset Driver for Windows IoT 10 (64-bit) - ThinkSmart Core: before 10.1.24.6
Intel Chipset Driver for Windows 10 (64-bit), Windows 10 IoT (64-bit), Windows 11 IoT 64bit - ThinkEdge SE30: before 10.1.24.6
Intel Chipset Driver for Windows 10 64-bit (Version 1709, 1803) - ThinkCentre M90n-1: before 10.1.24.6
Intel Chipset Driver for Windows 10 IOT 64-bit - ThinkCentre M90n-1: before 10.1.24.6
https://support.lenovo.com/us/en/product_security/LEN-178469
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.