Vulnerability identifier: #VU68891
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software (category: Hardware solutions / Firmware):
IdeaPad 1 14IAU7
IdeaPad 1 14IGL7
IdeaPad 1 15IAU7
IdeaPad 1 15IGL7
IdeaPad 1-14IJL7
IdeaPad 1-15IJL7
IdeaPad 3 14IAU7
IdeaPad 3 15IAU7
IdeaPad 3 17IAU7
IdeaPad 3-15IGL05
IdeaPad 3-17IIL05
IdeaPad 3-17ITL6
IdeaPad 5 15IAL7
ideapad L3-15IML05
ideapad L3-15ITL6
Lenovo Legion 5 15IAH7
Lenovo Legion 5 15IAH7H
Lenovo Legion 5 Pro 16IAH7
Lenovo Legion 5 Pro 16IAH7H
Lenovo Legion 5 Pro-16ITH6
Lenovo Legion 5 Pro-16ITH6H
Lenovo Legion 5-15IMH05
Lenovo Legion 5-15IMH05H
Lenovo Legion 5-15IMH6
Lenovo Legion 5-15ITH6
Lenovo Legion 5-15ITH6H
Lenovo Legion 5-17IMH05
Lenovo Legion 5-17IMH05H
Lenovo Legion 5-17ITH6
Lenovo Legion 5-17ITH6H
Lenovo Legion 5P-15IMH05
Lenovo Legion 5P-15IMH05H
Lenovo Legion 7-16ITHg6
Lenovo S14 G2 ITL
Lenovo S14 G3 IAP
Lenovo Slim 7 14IAP7
Lenovo Slim 7 Carbon 13IAP7
Lenovo ThinkBook 15p IMH
Lenovo V14 G2 IJL
Lenovo V14 G3 IAP
Lenovo V15 G2 IJL
Lenovo V15 G3 IAP
Lenovo V17 G3 IAP
ideapad S540-13ITL
ThinkBook 15P G2 ITH
Lenovo V14 G1-IML
Lenovo V14 G2-ITL
Lenovo V14-IGL
Lenovo V15 G1-IML
Lenovo V15 G2-ITL
Lenovo V15-IGL
Lenovo V17 G2-ITL
Lenovo V17-IIL
Yoga 7 14IAL7
Yoga 7 16IAH7
IdeaPad Yoga 7 16IAP7
ideapad Yoga 7-14ITL5
ideapad Yoga 7-15ITL5
Yoga Slim 7 Carbon 13IAP7
Yoga Slim 7 Pro 14IAH7
IdeaPad Yoga Slim 7 Pro 14IAP7
ideapad 3-14IGL05
ideapad 3-14IIL05
ideapad 3-14IML05
ideapad 3-14ITL05
ideapad 3-14ITL6
ideapad 3-15IIL05
ideapad 3-15IML05
ideapad 3-15ITL05
ideapad 3-15ITL6
ideapad 3-17IML05
ideapad 5-15IIL05
ideapad Creator 5-15IMH05
ideapad Gaming 3-15IMH05
IdeaPad Yoga 9 14IAP7
Vendor: Lenovo
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error within the LCFC BIOS implementation. A local user can enumerate Embedded Controller (EC) commands and use them to escalate privileges on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
IdeaPad 1 14IAU7: All versions
IdeaPad 1 14IGL7: All versions
IdeaPad 1 15IAU7: All versions
IdeaPad 1 15IGL7: All versions
IdeaPad 1-14IJL7: All versions
IdeaPad 1-15IJL7: All versions
IdeaPad 3 14IAU7: All versions
IdeaPad 3 15IAU7: All versions
IdeaPad 3 17IAU7: All versions
IdeaPad 3-15IGL05: All versions
IdeaPad 3-17IIL05: All versions
IdeaPad 3-17ITL6: All versions
IdeaPad 5 15IAL7: All versions
ideapad L3-15IML05: All versions
ideapad L3-15ITL6: All versions
Lenovo Legion 5 15IAH7: All versions
Lenovo Legion 5 15IAH7H: All versions
Lenovo Legion 5 Pro 16IAH7: All versions
Lenovo Legion 5 Pro 16IAH7H: All versions
Lenovo Legion 5 Pro-16ITH6: All versions
Lenovo Legion 5 Pro-16ITH6H: All versions
Lenovo Legion 5-15IMH05: All versions
Lenovo Legion 5-15IMH05H: All versions
Lenovo Legion 5-15IMH6: All versions
Lenovo Legion 5-15ITH6: All versions
Lenovo Legion 5-15ITH6H: All versions
Lenovo Legion 5-17IMH05: All versions
Lenovo Legion 5-17IMH05H: All versions
Lenovo Legion 5-17ITH6: All versions
Lenovo Legion 5-17ITH6H: All versions
Lenovo Legion 5P-15IMH05: All versions
Lenovo Legion 5P-15IMH05H: All versions
Lenovo Legion 7-16ITHg6: All versions
Lenovo S14 G2 ITL: All versions
Lenovo S14 G3 IAP: All versions
Lenovo Slim 7 14IAP7: All versions
Lenovo Slim 7 Carbon 13IAP7: All versions
Lenovo ThinkBook 15p IMH: All versions
Lenovo V14 G2 IJL: All versions
Lenovo V14 G3 IAP: All versions
Lenovo V15 G2 IJL: All versions
Lenovo V15 G3 IAP: All versions
Lenovo V17 G3 IAP: All versions
ideapad S540-13ITL: All versions
ThinkBook 15P G2 ITH: All versions
Lenovo V14 G1-IML: All versions
Lenovo V14 G2-ITL: All versions
Lenovo V14-IGL: All versions
Lenovo V15 G1-IML: All versions
Lenovo V15 G2-ITL: All versions
Lenovo V15-IGL: All versions
Lenovo V17 G2-ITL: All versions
Lenovo V17-IIL: All versions
Yoga 7 14IAL7: All versions
Yoga 7 16IAH7: All versions
IdeaPad Yoga 7 16IAP7: All versions
ideapad Yoga 7-14ITL5: All versions
ideapad Yoga 7-15ITL5: All versions
Yoga Slim 7 Carbon 13IAP7: All versions
Yoga Slim 7 Pro 14IAH7: All versions
IdeaPad Yoga Slim 7 Pro 14IAP7: All versions
ideapad 3-14IGL05: All versions
ideapad 3-14IIL05: All versions
ideapad 3-14IML05: All versions
ideapad 3-14ITL05: All versions
ideapad 3-14ITL6: All versions
ideapad 3-15IIL05: All versions
ideapad 3-15IML05: All versions
ideapad 3-15ITL05: All versions
ideapad 3-15ITL6: All versions
ideapad 3-17IML05: All versions
ideapad 5-15IIL05: All versions
ideapad Creator 5-15IMH05: All versions
ideapad Gaming 3-15IMH05: All versions
External links
http://support.lenovo.com/us/en/product_security/LEN-103710
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.