
ThinkPad BIOS Vulnerabilities


Lenovo Security Advisory: LEN-84943

Potential Impact: Privilege escalation

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2022-1107, CVE-2022-1108

 

Summary Description:

The following vulnerabilities were reported in ThinkPad BIOS.

CVE-2022-1107: During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow for execution of code.

CVE-2022-1108: A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in ThinkPad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

 

Mitigation Strategy for Customers (what you should do to protect yourself):

Update system firmware to the version (or newer) indicated for your model in the Product Impact section.

 

Product Impact:

To download the version specified for your product below, follow these steps:

Navigate to the Drivers & Software support site for your product:

  1. Search for your product by name or machine type.
  2. Click Drivers & Software on the left menu panel.
  3. Click on Manual Update to browse by Component type.
  4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.
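
The comparison in step 4, done for a whole inventory at once, as an added example that is not part of Lenovo's advisory. It assumes a BIOS ID is a family prefix ending in "ET", a two-character build field and a "W"/"WW" suffix, and that build fields order as plain text; the host names and installed versions are constructed.

```python
import re

# Minimum fix versions copied from the advisory's Product Impact table
# (a subset), keyed by the family prefix of the BIOS ID.
MIN_FIX = {
    "N15ET": "N15ET78W",  # 11e / Yoga 11e (Type 20D9, 20DA)
    "N17ET": "N17ETA8W",  # Helix (Type 20CG, 20CH)
    "N24ET": "N24ET69W",  # T480 (Type 20L5, 20L6)
    "N2PET": "N2PET50W",  # X1 Fold Gen 1
    "GNET": "GNET92WW",   # W540, W541
}

# Assumption: a BIOS ID is a family prefix ending in "ET", a two-character
# build field, then "W" or "WW"; anything after it (e.g. " (1.34 )") is ignored.
BIOS_ID = re.compile(r"^([A-Z0-9]{2,3}ET)([0-9A-Z]{2})WW?\b")


def parse_bios_id(raw):
    """Split a reported BIOS version string into (family, build)."""
    m = BIOS_ID.match(raw.strip().upper())
    if m is None:
        raise ValueError(f"unrecognised BIOS ID: {raw!r}")
    return m.group(1), m.group(2)


def check(installed):
    """Return 'ok', 'update-required' or 'not-listed' for one machine."""
    family, build = parse_bios_id(installed)
    minimum = MIN_FIX.get(family)
    if minimum is None:
        return "not-listed"  # family absent from MIN_FIX, check the advisory
    # Assumption: build fields order as text, so "A8" is newer than "99".
    return "ok" if build >= parse_bios_id(minimum)[1] else "update-required"


# Constructed inventory: host name -> BIOS version string as reported by
# `dmidecode -s bios-version` or Win32_BIOS.SMBIOSBIOSVersion.
INVENTORY = {
    "lab-t480-01": "N24ET59W (1.34 )",
    "lab-t480-02": "N24ET69W (1.44 )",
    "lab-helix-01": "N17ET99W",
    "lab-w541-01": "GNET93WW (2.41 )",
    "lab-other-01": "R1CET70W (1.39 )",
}


def audit(inventory):
    """Map every host in the inventory to its status."""
    return {host: check(ver) for host, ver in inventory.items()}
```

A "not-listed" result only means the family is missing from the `MIN_FIX` subset above, so that machine still has to be looked up in the full Product Impact table.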

Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:

PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759

Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center

 

Click the links below to view affected products:

ThinkPad

 

Acknowledgement:

CVE-2022-1108: Lenovo thanks Jiawei Yin (@yngweijw) and Menghao Li of IIE varas.

 

Revision History:

| Revision | Date | Description |
|---|---|---|
| | 2023-09-28 | Updated Product Impact |
| 5 | 2022-07-08 | Updated Product Impact |
| 4 | 2022-06-13 | Updated Product Impact |
| 3 | 2022-05-24 | Updated Product Impact |
| 2 | 2022-04-29 | Updated Summary Description and Acknowledgement |
| 1 | 2022-04-12 | Initial release |

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

 

Product Impact:

ThinkPad

| Product | Component | CVE-2022-1107 | CVE-2022-1108 |
|---|---|---|---|
| 11e (Type 20D9, 20DA) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit) - ThinkPad 11e (Type 20D9, 20DA), Yoga 11e (Type 20D9, 20DA) | N15ET78W | Not Affected |
| Helix (Type 20CG, 20CH) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit) - ThinkPad Helix (Type 20CG, 20CH) | N17ETA8W | Not Affected |
| L560 Laptop (ThinkPad) | BIOS Update (Utility & Bootable) for Windows 10, 8.1, 7 (64-bit), 7 (32-bit), Linux - ThinkPad L560 | N1HET85W | Not Affected |
| L570 (type 20J8, 20J9) Laptops (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) and Linux - ThinkPad L570 | N1XET65W | Not Affected |
| L570 (type 20JQ, 20JR) Laptops (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) and Linux - ThinkPad L570 | N1XET65W | Not Affected |
| P50s Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 7 (32-bit, 64-bit) and Linux - ThinkPad P50s, T560 | N1KET46W | Not Affected |
| P51s (Type 20HB, 20HC) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit & 32-bit), Linux - ThinkPad T570, P51s | N1VET50W | Not Affected |
| P51s (Type 20JY, 20K0) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit & 32-bit), Linux - ThinkPad T570, P51s | N1VET50W | Not Affected |
| P52s (Type 20LB, 20LC) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad P52s, T580 | N27ET36W | Not Affected |
| S540 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 8 (64-bit), 7 (32-bit, 64-bit) - ThinkPad S540 | GPET80WW | Not Affected |
| T480 (Type 20L5, 20L6) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad T480 | N24ET69W | Not Affected |
| T480s (type 20L7, 20L8) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad T480s | N22ET73W | Not Affected |
| T550 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad T550, W550s | N11ET50W | Not Affected |
| T560 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 7 (32-bit, 64-bit) and Linux - ThinkPad P50s, T560 | N1KET46W | Not Affected |
| T570 (Type 20H9,20HA) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit & 32-bit), Linux - ThinkPad T570, P51s | N1VET50W | Not Affected |
| T570 (Type 20JW, 20JX) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit & 32-bit), Linux - ThinkPad T570, P51s | N1VET50W | Not Affected |
| T580 (Type 20L9, 20LA) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad P52s, T580 | N27ET36W | Not Affected |
| ThinkPad X1 Tablet 1st Gen (Type 20GG, 20GH) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit) - ThinkPad X1 Tablet (Type 20GG, 20GH) | N1LET86W | Not Affected |
| ThinkPad X1 Tablet 2nd Gen (Type 20JB, 20JC) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit) - ThinkPad X1 Tablet Gen 2 (Type 20JB, 20JC) | N1OET50W | Not Affected |
| W540 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 8 (64-bit), 7 (32-bit, 64-bit) - ThinkPad W540, W541 | GNET92WW | Not Affected |
| W541 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 8 (64-bit), 7 (32-bit, 64-bit) - ThinkPad W540, W541 | GNET92WW | Not Affected |
| W550s Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad T550, W550s | N11ET50W | Not Affected |
| X1 Carbon 3rd Gen (Type 20BS, 20BT) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad X1 Carbon (Type 20BS, 20BT) | N14ET52W | Not Affected |
| X1 Carbon 4th Gen (Type 20FB, 20FC) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 7 (64-bit, 32-bit), Linux - ThinkPad X1 Carbon (Type 20FB, 20FC), X1 Yoga (Type 20FQ, 20FR) | N1FET70W | Not Affected |
| X1 Carbon 5th Gen - Kabylake (Type 20HR, 20HQ) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit), Linux - ThinkPad X1 Carbon (Type 20HQ, 20HR, 20K3, 20K4) | N1MET55W | Not Affected |
| X1 Carbon 5th Gen - Skylake (Type 20K4, 20K3) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit), Linux - ThinkPad X1 Carbon (Type 20HQ, 20HR, 20K3, 20K4) | N1MET55W | Not Affected |
| X1 Carbon 6th Gen - (Type 20KH, 20KG) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit) - ThinkPad X1 Carbon (Type 20KH, 20KG) | N23ET81W | Not Affected |
| X1 Fold Gen 1 (Type 20RK, 20RL) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit) - ThinkPad X1 Fold Gen 1 (Type 20RK, 20LK) | Not Affected | N2PET50W |
| X1 Yoga 1st Gen (Type 20FQ, 20FR) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 7 (64-bit, 32-bit), Linux - ThinkPad X1 Carbon (Type 20FB, 20FC), X1 Yoga (Type 20FQ, 20FR) | N1FET70W | Not Affected |
| X1 Yoga 2nd Gen (Type 20JD, 20JE, 20JF, 20JG) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit) and Linux - ThinkPad X1 Yoga (Type 20JD, 20JE, 20JF, 20JG) | N1NET47W | Not Affected |
| X1 Yoga 3rd Gen (Type 20LD, 20LE, 20LF, 20LG) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad X1 Yoga 3rd Gen (Types 20LD, 20LE, 20LF, 20LG) | N25ET50W | Not Affected |
| X250 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit), 7 (32-bit) - ThinkPad X250 | N10ET58W | Not Affected |
| X250 Laptop (ThinkPad) | Lenovo BIOS Validation Utility for Windows 10 (64-bit), 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad X250 | N10ET58W | Not Affected |
| X280 (Type 20KF, 20KE) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit) and Linux - ThinkPad X280 | N20ET44W | Not Affected |
| X390 Yoga Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit) & Linux - ThinkPad X390 Yoga | N2LET60W | Not Affected |
| Yoga 11e (Type 20D9, 20DA) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit) - ThinkPad 11e (Type 20D9, 20DA), Yoga 11e (Type 20D9, 20DA) | N15ET78W | Not Affected |
| Yoga 15 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit) - ThinkPad Yoga 15 | N19ET61W | Not Affected |
| Yoga 260 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad Yoga 260 | N1GET98W | Not Affected |

Alias Id: LEN-84943
Document ID: PS500480
Original Publish Date: 04/12/2022
Last Modified Date: 09/28/2023