CVE-2018-9069

EPSS 0.21%
Published 02.10.2018 13:29:00
Last modified 21.11.2024 04:14:54
Source psirt@lenovo.com
Teams watchlist Login
Open Login

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ 310s-14isk Firmware Version < 1.15

Hp ≫ 310s-14isk Version-

Hp ≫ 320-15ikbra Firmware Version < 6jcn24ww

Hp ≫ 320-15ikbra Version-

Hp ≫ 320-15ikbrn Firmware Version < 6jcn24ww

Hp ≫ 320-15ikbrn Version-

Hp ≫ 320-15ikbrn Touch Firmware Version < 6jcn24ww

Hp ≫ 320-15ikbrn Touch Version-

Hp ≫ 320-17ikbrn Version < 2.09

Hp ≫ 320-17ikbrn Version-

Hp ≫ 320s-14ikb Version < 2.09

Hp ≫ 320s-14ikb Version-

Hp ≫ 320s-15ikb Firmware Version < 2.09

Hp ≫ 320s-15ikb Version-

Hp ≫ 320s-15isk Firmware Version < 2wcn38ww

Hp ≫ 320s-15isk Version-

Hp ≫ 510s-14isk Firmware Version < 1.15

Hp ≫ 510s-14isk Version-

Hp ≫ 520-15ikbrn Firmware Version < 6jcn26ww

Hp ≫ 520-15ikbrn Version-

Hp ≫ 520s-14ikb Firmware Version < 2.09

Hp ≫ 520s-14ikb Version-

Hp ≫ 710s Plus-13ikb 16g Firmware Version < 2.55

Hp ≫ 710s Plus-13ikb 16g Version-

Hp ≫ 710s Plus-3ikb Firmware Version < 2.55

Hp ≫ 710s Plus-3ikb Version-

Hp ≫ Xiaoxinair13ikbpro Firmware Version < 2.55

Hp ≫ Xiaoxinair13ikbpro Version-

Hp ≫ 710s Plus Touch-13ikb Firmware Version < 2.55

Hp ≫ 710s Plus Touch-13ikb Version-

Hp ≫ 720s-13ikb Firmware Version < 5scn38ww

Hp ≫ 720s-13ikb Version-

Hp ≫ B320-14ikb Firmware Version-

Hp ≫ B320-14ikb Version-

Lenovo ≫ E42-80 Firmware Version < 2wcn38ww

Hp ≫ E42-80 Version-

Lenovo ≫ E52-80 Firmware Version < 2wcn38ww

Hp ≫ E52-80 Version-

Hp ≫ Flex 4-1470 Firmware Version < 1.15

Hp ≫ Flex 4-1470 Version-

Hp ≫ Flex 5-1470 Firmware Version < 2.09

Hp ≫ Flex 5-1470 Version-

Hp ≫ Flex 5-1570 Firmware Version < 2.09

Hp ≫ Flex 5-1570 Version-

Hp ≫ Ideapad 2in1 14 Firmware Version-

Hp ≫ Ideapad 2in1 14 Version-

Hp ≫ Lenovo Ideapad 320-14ikb(i+a) Firmware Version-

Hp ≫ Lenovo Ideapad 320-14ikb(i+a) Version-

Hp ≫ Lenovo Ideapad 320-14ikb(i+n) Firmware Version-

Hp ≫ Lenovo Ideapad 320-14ikb(i+n) Version-

Hp ≫ Lenovo Ideapad 320-15abr Firmware Version-

Hp ≫ Lenovo Ideapad 320-15abr Version-

Hp ≫ Lenovo Ideapad 320-15ikb(i+n) Firmware Version-

Hp ≫ Lenovo Ideapad 320-15ikb(i+n) Version-

Hp ≫ Lenovo Ideapad 320s-14ikbr Firmware Version-

Hp ≫ Lenovo Ideapad 320s-14ikbr Version-

Hp ≫ Lenovo Ideapad 320s-15ikbr Firmware Version-

Hp ≫ Lenovo Ideapad 320s-15ikbr Version-

Hp ≫ Lenovo Ideapad 520s-14ikbr Firmware Version-

Hp ≫ Lenovo Ideapad 520s-14ikbr Version-

Hp ≫ Lenovo Ideapad 720s-14ikb Firmware Version < 6jcn26ww

Hp ≫ Lenovo Ideapad 720s-14ikb Version-

Hp ≫ Lenovo Ideapad Flex 5-1470 Firmware Version < 6jcn26ww

Hp ≫ Lenovo Ideapad Flex 5-1470 Version-

Hp ≫ Lenovo Ideapad Flex 5-1570 Firmware Version < 6jcn26ww

Hp ≫ Lenovo Ideapad Flex 5-1570 Version-

Hp ≫ Lenovo Ideapad Y520-15ikbn Firmware Version-

Hp ≫ Lenovo Ideapad Y520-15ikbn Version-

Hp ≫ Lenovo Tianyi 310-14ikb Firmware Version-

Hp ≫ Lenovo Tianyi 310-14ikb Version-

Hp ≫ Lenovo Tianyi 310-15ikb Firmware Version-

Hp ≫ Lenovo Tianyi 310-15ikb Version-

Hp ≫ Lenovo Y520-15ikba Firmware Version < 5jcn25ww

Hp ≫ Lenovo Y520-15ikba Version-

Hp ≫ Lenovo Y520-15ikbm Firmware Version < 5jcn25ww

Hp ≫ Lenovo Y520-15ikbm Version-

Hp ≫ Lenovo Yoga 520-14ikb Firmware Version < 6jcn26ww

Hp ≫ Lenovo Yoga 520-14ikb Version-

Hp ≫ Lenovo Yoga 520-15ikb Firmware Version < 6jcn26ww

Hp ≫ Lenovo Yoga 520-15ikb Version-

Hp ≫ Miix 720-12ikb Version < 3scn66ww

Hp ≫ Miix 720-12ikb Version-

Hp ≫ Nano110-14ikb Firmware Version-

Hp ≫ Nano110-14ikb Version-

Hp ≫ Nano110-15ikb Firmware Version < 5xcn24ww

Hp ≫ Nano110-15ikb Version-

Hp ≫ Rescuer R720-15ikbm Firmware Version < 5xcn24ww

Hp ≫ Rescuer R720-15ikbm Version-

Hp ≫ Rescuer Y520-15ikbm Firmware Version < 5xcn24ww

Hp ≫ Rescuer Y520-15ikbm Version-

Lenovo ≫ V310-14ikb Firmware Version < 2wcn38ww

Hp ≫ V310-14ikb Version-

Lenovo ≫ V310-14isk Firmware Version < 4.07

Hp ≫ V310-14isk Version-

Lenovo ≫ V310-15ikb Firmware Version < 2wcn38ww

Hp ≫ V310-15ikb Version-

Lenovo ≫ V310-15isk Firmware Version < 0zcn47ww

Hp ≫ V310-15isk Version-

Hp ≫ V330-14ikb Firmware Version < 4.07

Hp ≫ V330-14ikb Version-

Hp ≫ V330-14isk Firmware Version < 4.07

Hp ≫ V330-14isk Version-

Lenovo ≫ V510-14ikb Firmware Version < 2wcn38ww

Hp ≫ V510-14ikb Version-

Lenovo ≫ V510-15ikb Firmware Version < 2wcn38ww

Hp ≫ V510-15ikb Version-

Hp ≫ Yoga 310-11iap Firmware Version < 6.7

Hp ≫ Yoga 310-11iap Version-

Hp ≫ Yoga 510-14isk Firmware Version < 1.15

Hp ≫ Yoga 510-14isk Version-

Hp ≫ Yoga 720-13ikb Firmware Version < 2.05

Hp ≫ Yoga 720-13ikb Version-

Hp ≫ Yoga 720-13ikbr Firmware Version < 2.07

Hp ≫ Yoga 720-13ikbr Version-

Hp ≫ Yoga 720-15ikb Firmware Version < 2.05

Hp ≫ Yoga 720-15ikb Version-

Hp ≫ Lenovo V720-14 Firmware Version < 2.12

Hp ≫ Lenovo V720-14 Version-

Hp ≫ 7000 U42 Firmware Version < 2.09

Hp ≫ 7000 U42 Version-

Hp ≫ 7000-15 U42 Firmware Version < 2.09

Hp ≫ 7000-15 U42 Version-

Hp ≫ R720-15ikba Firmware Version < 5jcn25ww

Hp ≫ R720-15ikba Version-

Hp ≫ Y520-15ikba Firmware Version < 5jcn25ww

Hp ≫ Y520-15ikba Version-

Hp ≫ R720-15ikbn Firmware Version < 4gcn38ww

Hp ≫ R720-15ikbn Version-

Hp ≫ Y520-15ikbn Firmware Version < 4gcn38ww

Hp ≫ Y520-15ikbn Version-

Hp ≫ Y720-15ikb Firmware Version < 4gcn38ww

Hp ≫ Y720-15ikb Version-

Hp ≫ Lenovo Y720-15ikb Firmware Version < 4gcn38ww

Hp ≫ Lenovo Y720-15ikb Version-

Hp ≫ E43-80 Kbl Firmware Version < 4.07

Hp ≫ E43-80 Kbl Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.406

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	0.7	5.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	7	6.8	7.8	AV:N/AC:M/Au:S/C:N/I:P/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://support.lenovo.com/us/en/solutions/LEN-20184

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-9069

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-9069

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-9069

EUVD