Bluetooth “BlueBorne” Vulnerabilities
Bluetooth “BlueBorne” Vulnerabilities
Bluetooth “BlueBorne” Vulnerabilities
Lenovo Security Advisory: LEN-17125
Potential Impact: Remote code execution
Severity: High
Scope of Impact: Industry wide
CVE Identifier: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-8628, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251
Summary Description:
A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" have been identified that affect Windows, iOS, and Linux-kernel-based operating systems. In worst case scenarios, these vulnerabilities allow an unauthenticated attacker to perform commands on affected devices.
Mitigation Strategy for Consumers (what you should do to protect yourself):
Patches are available in the latest patch releases from Windows (see Microsoft bulletin), iOS, Linux providers, and Android (see September 2017 security bulletin).
U.S.-based phone and other mobile device users running Android are advised to regularly check this advisory page. Due to the complexity of the U.S. mobile ecosystem, which typically requires manufacturer and carrier support to push updates, updates are in progress. Users are encouraged to accept updates to their Android device upon receiving notifications to update their operating system.
If an update is not available, affected users should consider disabling Bluetooth on affected devices if Bluetooth is unused or unnecessary.
Please click for more info.
References:
https://www.kb.cert.org/vuls/id/240311
https://www.armis.com/blueborne/#/technical
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628
https://source.android.com/security/bulletin/2017-09-01
https://access.redhat.com/security/vulnerabilities/blueborne
For a complete list of all Lenovo Product Security Advisories, click here.
Revision History:
Revision |
Date |
Description |
7 | 01/23/2019 | Updated Tablet status |
6 | 07/19/2018 | Added Lenovo Smart Assistant fix information. |
5 | 06/27/2018 | Added fix and updated target availability dates for Tablet. |
4 | 06/14/2018 | Added fix and updated target availability dates for Tablet. |
3 | 06/07/2018 | Added fixes for Tablet. |
2 | 01-24-2018 | Added Tablet status |
1 |
9/18/2017 |
Initial Release |
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Lenovo has updated the firmware automatically to version 12.1.82 through the usual OTA process (Over The Air). You can use the Lenovo Link App to confirm you have this version or later. In the app’s menu under “Settings,” the version is displayed as “Firmware automatic upgrade v12.1.82.”
When the updated software version is available, the device will prompt you to download and install it.
Refer to How to upgrade your phone/tablet system - Smartphone/Tablet for additional instructions on how to update your Tablet.
Product | Status | Minimum Fix Version | Minimum Fix Version - PRC | Last Updated |
Lenovo TB3-X70F | Affected | TB3-X70F_S000028_180108_ROW | TB3-X70F_S000021_180108_PRC | 6/7/2018 |
Lenovo TB3-X70I | Affected | TB3-X70I_S000001_180124_ID | NA | 6/7/2018 |
Lenovo TB3-X70L | Affected | TB3-X70L_S000022_180116_ROW | NA | 6/7/2018 |
Lenovo TB3-X70N | Affected | NA | TB3-X70N_S000005_180131_PRC_P | 6/7/2018 |
Lenovo TB-7304F | Affected | TB-7304F_S000060_171019_ROW | NA | 1/23/2019 |
Lenovo TB-7304I | Affected | TB-7304I_S000041_171018_ROW | NA | 1/23/2019 |
Lenovo TB-7304X | Affected | TB-7304X_S000038_180126_ROW | NA | 1/23/2019 |
Lenovo TB-7504F | Affected | TB-7504F_S000022_171103_ROW | TB-7504F_S000025_180911_PRC | 1/23/2019 |
Lenovo TB-7504X | Affected | TB-7504X_S000037_171104_ROW | NA | 1/23/2019 |
Lenovo TB-8504F | Affected | TB-8504F_USR_S000050_1711250656_Q12000_ROW | NA | 6/19/2018 |
Lenovo TB-8504L | Affected | TB-8504L_S000020_171225_ROW | NA | 6/27/2018 |
Lenovo TB-8504X | Affected | TB-8504X_USR_S000046_1711250620_Q12000_ROW | NA | 1/24/2018 |
Lenovo TB-8704F | Affected | TB-8704F_USR_S000030_1711231105_Q1241_ROW | NA | 1/24/2018 |
Lenovo TB-8704V (Verizon) | Affected | TB-X704V_S000038_171219_ROW | NA | 6/27/2018 |
Lenovo TB-8704V (LRA) | Affected | TB-8704V_S000006_171227_LRA | NA | 6/7/2018 |
Lenovo TB-8704X | Affected | TB-8704X_USR_S000033_1711231116_Q1241_ROW | NA | 6/7/2018 |
Lenovo TB-8804F | Affected | NA | TB-8804F_USR_S000022_1801022155_Q1241_PRC | 6/27/2018 |
Lenovo TB-X304F | Affected | TB-X304F_S000048_180119_ROW | TB-X304F_S000033_180306_PRC | 6/7/2018 |
Lenovo TB-X304L | Affected | TB-X304L_S000045_180126_ROW | NA | 6/7/2018 |
Lenovo TB-X304N | Affected | NA | TB-X304N_S000038_180320_PRC | 6/7/2018 |
Lenovo TB-X304X | Affected | No plan to fix | No plan to fix | 6/27/2018 |
Lenovo TB-X704A | Affected | TB-X704A_S000064_171218_ATT | NA | 6/7/2018 |
Lenovo TB-X704F | Affected | TB-X704F_S000053_180122_ROW | TB-X704F_S000053_180306_PRC | 6/7/2018 |
Lenovo TB-X704L | Affected | TB-X704L_S000053_180129_ROW | NA | 6/7/2018 |
Lenovo TB-X704V | Affected | TB-X704V_S000004_171218_LRA | NA | 6/7/2018 |
Lenovo TB-X704Y | Affected | No plan to fix | No plan to fix | 6/27/2018 |
Lenovo YT-X703F | Affected | YT-X703F_USR_S000963_1711112111_Q00140_ROW | YT-X703F_USR_S000963_1711112134_Q00140_PRC | 6/7/2018 |
Lenovo YT-X703L | Affected | YT-X703L_USR_S000963_1711112151_Q00140_ROW | YT-X703L_USR_S000960_1710250130_Q00140_PRC | 6/7/2018 |
Lenovo YT-X703X | Affected | YT-X703X_USR_S000963_1711112116_Q00140_ROW | NA | 6/7/2018 |
Your feedback helps to improve the overall experience