7

CVE-2018-9069

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hp310s-14isk Firmware Version < 1.15
   Hp310s-14isk Version-
Hp320-15ikbra Firmware Version < 6jcn24ww
   Hp320-15ikbra Version-
Hp320-15ikbrn Firmware Version < 6jcn24ww
   Hp320-15ikbrn Version-
Hp320-15ikbrn Touch Firmware Version < 6jcn24ww
   Hp320-15ikbrn Touch Version-
Hp320-17ikbrn Version < 2.09
   Hp320-17ikbrn Version-
Hp320s-14ikb Version < 2.09
   Hp320s-14ikb Version-
Hp320s-15ikb Firmware Version < 2.09
   Hp320s-15ikb Version-
Hp320s-15isk Firmware Version < 2wcn38ww
   Hp320s-15isk Version-
Hp510s-14isk Firmware Version < 1.15
   Hp510s-14isk Version-
Hp520-15ikbrn Firmware Version < 6jcn26ww
   Hp520-15ikbrn Version-
Hp520s-14ikb Firmware Version < 2.09
   Hp520s-14ikb Version-
Hp710s Plus-13ikb 16g Firmware Version < 2.55
   Hp710s Plus-13ikb 16g Version-
Hp710s Plus-3ikb Firmware Version < 2.55
   Hp710s Plus-3ikb Version-
HpXiaoxinair13ikbpro Firmware Version < 2.55
   HpXiaoxinair13ikbpro Version-
Hp710s Plus Touch-13ikb Firmware Version < 2.55
   Hp710s Plus Touch-13ikb Version-
Hp720s-13ikb Firmware Version < 5scn38ww
   Hp720s-13ikb Version-
HpB320-14ikb Firmware Version-
   HpB320-14ikb Version-
LenovoE42-80 Firmware Version < 2wcn38ww
   HpE42-80 Version-
LenovoE52-80 Firmware Version < 2wcn38ww
   HpE52-80 Version-
HpFlex 4-1470 Firmware Version < 1.15
   HpFlex 4-1470 Version-
HpFlex 5-1470 Firmware Version < 2.09
   HpFlex 5-1470 Version-
HpFlex 5-1570 Firmware Version < 2.09
   HpFlex 5-1570 Version-
HpIdeapad 2in1 14 Firmware Version-
   HpIdeapad 2in1 14 Version-
HpLenovo Ideapad 720s-14ikb Firmware Version < 6jcn26ww
   HpLenovo Ideapad 720s-14ikb Version-
HpLenovo Ideapad Flex 5-1470 Firmware Version < 6jcn26ww
   HpLenovo Ideapad Flex 5-1470 Version-
HpLenovo Ideapad Flex 5-1570 Firmware Version < 6jcn26ww
   HpLenovo Ideapad Flex 5-1570 Version-
HpLenovo Y520-15ikba Firmware Version < 5jcn25ww
   HpLenovo Y520-15ikba Version-
HpLenovo Y520-15ikbm Firmware Version < 5jcn25ww
   HpLenovo Y520-15ikbm Version-
HpLenovo Yoga 520-14ikb Firmware Version < 6jcn26ww
   HpLenovo Yoga 520-14ikb Version-
HpLenovo Yoga 520-15ikb Firmware Version < 6jcn26ww
   HpLenovo Yoga 520-15ikb Version-
HpMiix 720-12ikb Version < 3scn66ww
   HpMiix 720-12ikb Version-
HpNano110-14ikb Firmware Version-
   HpNano110-14ikb Version-
HpNano110-15ikb Firmware Version < 5xcn24ww
   HpNano110-15ikb Version-
HpRescuer R720-15ikbm Firmware Version < 5xcn24ww
   HpRescuer R720-15ikbm Version-
HpRescuer Y520-15ikbm Firmware Version < 5xcn24ww
   HpRescuer Y520-15ikbm Version-
LenovoV310-14ikb Firmware Version < 2wcn38ww
   HpV310-14ikb Version-
LenovoV310-14isk Firmware Version < 4.07
   HpV310-14isk Version-
LenovoV310-15ikb Firmware Version < 2wcn38ww
   HpV310-15ikb Version-
LenovoV310-15isk Firmware Version < 0zcn47ww
   HpV310-15isk Version-
HpV330-14ikb Firmware Version < 4.07
   HpV330-14ikb Version-
HpV330-14isk Firmware Version < 4.07
   HpV330-14isk Version-
LenovoV510-14ikb Firmware Version < 2wcn38ww
   HpV510-14ikb Version-
LenovoV510-15ikb Firmware Version < 2wcn38ww
   HpV510-15ikb Version-
HpYoga 310-11iap Firmware Version < 6.7
   HpYoga 310-11iap Version-
HpYoga 510-14isk Firmware Version < 1.15
   HpYoga 510-14isk Version-
HpYoga 720-13ikb Firmware Version < 2.05
   HpYoga 720-13ikb Version-
HpYoga 720-13ikbr Firmware Version < 2.07
   HpYoga 720-13ikbr Version-
HpYoga 720-15ikb Firmware Version < 2.05
   HpYoga 720-15ikb Version-
HpLenovo V720-14 Firmware Version < 2.12
   HpLenovo V720-14 Version-
Hp7000 U42 Firmware Version < 2.09
   Hp7000 U42 Version-
Hp7000-15 U42 Firmware Version < 2.09
   Hp7000-15 U42 Version-
HpR720-15ikba Firmware Version < 5jcn25ww
   HpR720-15ikba Version-
HpY520-15ikba Firmware Version < 5jcn25ww
   HpY520-15ikba Version-
HpR720-15ikbn Firmware Version < 4gcn38ww
   HpR720-15ikbn Version-
HpY520-15ikbn Firmware Version < 4gcn38ww
   HpY520-15ikbn Version-
HpY720-15ikb Firmware Version < 4gcn38ww
   HpY720-15ikb Version-
HpLenovo Y720-15ikb Firmware Version < 4gcn38ww
   HpLenovo Y720-15ikb Version-
HpE43-80 Kbl Firmware Version < 4.07
   HpE43-80 Kbl Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.406
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 0.7 5.2
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 7 6.8 7.8
AV:N/AC:M/Au:S/C:N/I:P/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.