ThinkPad BIOS Vulnerabilities
Lenovo Security Advisory: LEN-84943
Potential Impact: Privilege escalation
Severity: Medium
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2022-1107, CVE-2022-1108
Summary Description:
The following vulnerabilities were reported in ThinkPad BIOS.
CVE-2022-1107: During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow for execution of code.
CVE-2022-1108: A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in ThinkPad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update system firmware to the version (or newer) indicated for your model in the Product Impact section.
To download the version specified for your product below, follow these steps:
- Navigate to the Drivers & Software support site for your product:
  - Lenovo Products (sold worldwide, except in China): https://support.lenovo.com/
  - Lenovo Products (sold in China): https://newsupport.lenovo.com.cn/
  - IBM-branded System x Legacy Products: https://www.ibm.com/support/fixcentral/
- Search for your product by name or machine type.
- Click Drivers & Software on the left menu panel.
- Click on Manual Update to browse by Component type.
- Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.
Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:
PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759
Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center
Acknowledgement:
CVE-2022-1108: Lenovo thanks Jiawei Yin (@yngweijw) and Menghao Li of IIE varas
Revision History:
Revision | Date | Description |
---|---|---|
6 | 2023-09-28 | Updated Product Impact |
5 | 2022-07-08 | Updated Product Impact |
4 | 2022-06-13 | Updated Product Impact |
3 | 2022-05-24 | Updated Product Impact |
2 | 2022-04-29 | Updated Summary Description and Acknowledgement |
1 | 2022-04-12 | Initial release |
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Product Impact:
Product | Component | CVE-2022-1107 (minimum fix version) | CVE-2022-1108 (minimum fix version) |
---|---|---|---|
11e (Type 20D9, 20DA) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit) - ThinkPad 11e (Type 20D9, 20DA), Yoga 11e (Type 20D9, 20DA) | N15ET78W | Not Affected |
Helix (Type 20CG, 20CH) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit) - ThinkPad Helix (Type 20CG, 20CH) | N17ETA8W | Not Affected |
L560 Laptop (ThinkPad) | BIOS Update (Utility & Bootable) for Windows 10, 8.1, 7 (64-bit), 7 (32-bit), Linux - ThinkPad L560 | N1HET85W | Not Affected |
L570 (type 20J8, 20J9) Laptops (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) and Linux - ThinkPad L570 | N1XET65W | Not Affected |
L570 (type 20JQ, 20JR) Laptops (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) and Linux - ThinkPad L570 | N1XET65W | Not Affected |
P50s Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 7 (32-bit, 64-bit) and Linux - ThinkPad P50s, T560 | N1KET46W | Not Affected |
P51s (Type 20HB, 20HC) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit & 32-bit), Linux - ThinkPad T570, P51s | N1VET50W | Not Affected |
P51s (Type 20JY, 20K0) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit & 32-bit), Linux - ThinkPad T570, P51s | N1VET50W | Not Affected |
P52s (Type 20LB, 20LC) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad P52s, T580 | N27ET36W | Not Affected |
S540 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 8 (64-bit), 7 (32-bit, 64-bit) - ThinkPad S540 | GPET80WW | Not Affected |
T480 (Type 20L5, 20L6) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad T480 | N24ET69W | Not Affected |
T480s (type 20L7, 20L8) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad T480s | N22ET73W | Not Affected |
T550 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad T550, W550s | N11ET50W | Not Affected |
T560 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 7 (32-bit, 64-bit) and Linux - ThinkPad P50s, T560 | N1KET46W | Not Affected |
T570 (Type 20H9,20HA) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit & 32-bit), Linux - ThinkPad T570, P51s | N1VET50W | Not Affected |
T570 (Type 20JW, 20JX) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit & 32-bit), Linux - ThinkPad T570, P51s | N1VET50W | Not Affected |
T580 (Type 20L9, 20LA) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad P52s, T580 | N27ET36W | Not Affected |
ThinkPad X1 Tablet 1st Gen (Type 20GG, 20GH) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit) - ThinkPad X1 Tablet (Type 20GG, 20GH) | N1LET86W | Not Affected |
ThinkPad X1 Tablet 2nd Gen (Type 20JB, 20JC) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit) - ThinkPad X1 Tablet Gen 2 (Type 20JB, 20JC) | N1OET50W | Not Affected |
W540 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 8 (64-bit), 7 (32-bit, 64-bit) - ThinkPad W540, W541 | GNET92WW | Not Affected |
W541 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 8 (64-bit), 7 (32-bit, 64-bit) - ThinkPad W540, W541 | GNET92WW | Not Affected |
W550s Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad T550, W550s | N11ET50W | Not Affected |
X1 Carbon 3rd Gen (Type 20BS, 20BT) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad X1 Carbon (Type 20BS, 20BT) | N14ET52W | Not Affected |
X1 Carbon 4th Gen (Type 20FB, 20FC) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 7 (64-bit, 32-bit), Linux - ThinkPad X1 Carbon (Type 20FB, 20FC), X1 Yoga (Type 20FQ, 20FR) | N1FET70W | Not Affected |
X1 Carbon 5th Gen - Kabylake (Type 20HR, 20HQ) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit), Linux - ThinkPad X1 Carbon (Type 20HQ, 20HR, 20K3, 20K4) | N1MET55W | Not Affected |
X1 Carbon 5th Gen - Skylake (Type 20K4, 20K3) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit), Linux - ThinkPad X1 Carbon (Type 20HQ, 20HR, 20K3, 20K4) | N1MET55W | Not Affected |
X1 Carbon 6th Gen - (Type 20KH, 20KG) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit) - ThinkPad X1 Carbon (Type 20KH, 20KG) | N23ET81W | Not Affected |
X1 Fold Gen 1 (Type 20RK, 20RL) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit) - ThinkPad X1 Fold Gen 1 (Type 20RK, 20LK) | Not Affected | N2PET50W |
X1 Yoga 1st Gen (Type 20FQ, 20FR) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit), 8.1 (64-bit), 7 (64-bit, 32-bit), Linux - ThinkPad X1 Carbon (Type 20FB, 20FC), X1 Yoga (Type 20FQ, 20FR) | N1FET70W | Not Affected |
X1 Yoga 2nd Gen (Type 20JD, 20JE, 20JF, 20JG) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10 (64-bit) and Linux - ThinkPad X1 Yoga (Type 20JD, 20JE, 20JF, 20JG) | N1NET47W | Not Affected |
X1 Yoga 3rd Gen (Type 20LD, 20LE, 20LF, 20LG) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit), Linux - ThinkPad X1 Yoga 3rd Gen (Types 20LD, 20LE, 20LF, 20LG) | N25ET50W | Not Affected |
X250 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit), 7 (32-bit) - ThinkPad X250 | N10ET58W | Not Affected |
X250 Laptop (ThinkPad) | Lenovo BIOS Validation Utility for Windows 10 (64-bit), 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad X250 | N10ET58W | Not Affected |
X280 (Type 20KF, 20KE) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit) and Linux - ThinkPad X280 | N20ET44W | Not Affected |
X390 Yoga Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 11, 10 (64-bit) & Linux - ThinkPad X390 Yoga | N2LET60W | Not Affected |
Yoga 11e (Type 20D9, 20DA) Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit) - ThinkPad 11e (Type 20D9, 20DA), Yoga 11e (Type 20D9, 20DA) | N15ET78W | Not Affected |
Yoga 15 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1, 7 (64-bit) - ThinkPad Yoga 15 | N19ET61W | Not Affected |
Yoga 260 Laptop (ThinkPad) | BIOS Update (Utility & Bootable CD) for Windows 10, 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad Yoga 260 | N1GET98W | Not Affected |
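
The "compare the minimum fix version" step from the mitigation procedure, applied to a fleet inventory. This is an added example, not Lenovo code: the minimum-fix IDs are copied from a few rows of the table above, the inventory is constructed, and the ordering rule (within one BIOS family, the two characters after `ET` compare as text with digits before letters) is an assumption about Lenovo's ID scheme.

```python
import re

# Minimum fixed BIOS IDs, copied from rows of the Product Impact table.
MIN_FIX_IDS = ["N24ET69W", "N22ET73W", "N17ETA8W", "N2PET50W", "GNET92WW"]

# <family>ET<build>W[W]; e.g. N24ET69W -> family N24, build 69.
BIOS_ID = re.compile(r"([A-Z0-9]{2,3})ET([0-9A-Z]{2})W{1,2}")


def parse_bios_id(raw):
    """Return (family, build) from a reported BIOS string, or None."""
    # Firmware often reports "N24ET69W (1.44 )"; keep the first token only.
    token = raw.strip().split(" ")[0].upper()
    m = BIOS_ID.fullmatch(token)
    return (m.group(1), m.group(2)) if m else None


MIN_FIX = dict(parse_bios_id(i) for i in MIN_FIX_IDS)


def check(raw):
    """Classify one reported BIOS string against the advisory table."""
    parsed = parse_bios_id(raw)
    if parsed is None:
        return "unparsed"
    family, build = parsed
    if family not in MIN_FIX:
        # Not in the rows loaded here; consult the full table before
        # treating the machine as unaffected.
        return "not-listed"
    # Assumption: builds order as text, digits before letters (99 < A8).
    return "ok" if build >= MIN_FIX[family] else "update"


def audit(inventory):
    """Map each host to its status."""
    return {host: check(bios) for host, bios in inventory.items()}


# Constructed inventory (host names and BIOS strings are sample data).
INVENTORY = {
    "host-a": "N24ET55W (1.30 )",
    "host-b": "N24ET69W",
    "host-c": "N17ETB0W",
    "host-d": "R0YET40W",
    "host-e": "",
}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(host, status)
```

On Linux the reported string can be read from `/sys/class/dmi/id/bios_version`; hosts classed as `not-listed` or `unparsed` need a manual check against the full table.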