Bluetooth “BlueBorne” Vulnerabilities

Bluetooth “BlueBorne” Vulnerabilities

Bluetooth “BlueBorne” Vulnerabilities

Lenovo Security Advisory: LEN-17125

Potential Impact: Remote code execution

Severity: High

Scope of Impact: Industry wide

CVE Identifier: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-8628, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251

Summary Description:

A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" have been identified that affect Windows, iOS, and Linux-kernel-based operating systems. In worst case scenarios, these vulnerabilities allow an unauthenticated attacker to perform commands on affected devices.

Mitigation Strategy for Consumers (what you should do to protect yourself):

Patches are available in the latest patch releases from Windows (see Microsoft bulletin), iOS, Linux providers, and Android (see September 2017 security bulletin).

U.S.-based phone and other mobile device users running Android are advised to regularly check this advisory page. Due to the complexity of the U.S. mobile ecosystem, which typically requires manufacturer and carrier support to push updates, updates are in progress. Users are encouraged to accept updates to their Android device upon receiving notifications to update their operating system.


If an update is not available, affected users should consider disabling Bluetooth on affected devices if Bluetooth is unused or unnecessary.

Product Impact:

Please click for more info.

Tablet

Lenovo Smart Assistant

References:

https://www.kb.cert.org/vuls/id/240311

https://www.armis.com/blueborne/#/technical

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628

https://source.android.com/security/bulletin/2017-09-01

https://access.redhat.com/security/vulnerabilities/blueborne

For a complete list of all Lenovo Product Security Advisories, click here.

Revision History:

Revision

Date

Description

7 01/23/2019 Updated Tablet status
6 07/19/2018 Added Lenovo Smart Assistant fix information.
5 06/27/2018 Added fix and updated target availability dates for Tablet.
4 06/14/2018 Added fix and updated target availability dates for Tablet.
3 06/07/2018 Added fixes for Tablet.
2 01-24-2018 Added Tablet status

1

9/18/2017

Initial Release

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Lenovo Smart Assistant

Lenovo has updated the firmware automatically to version 12.1.82 through the usual OTA process (Over The Air). You can use the Lenovo Link App to confirm you have this version or later. In the app’s menu under “Settings,” the version is displayed as “Firmware automatic upgrade v12.1.82.”

Back to Top>

Tablet

When the updated software version is available, the device will prompt you to download and install it.

Refer to How to upgrade your phone/tablet system - Smartphone/Tablet for additional instructions on how to update your Tablet.

Product Status Minimum Fix Version Minimum Fix Version - PRC Last Updated
Lenovo TB3-X70F Affected TB3-X70F_S000028_180108_ROW TB3-X70F_S000021_180108_PRC 6/7/2018
Lenovo TB3-X70I Affected TB3-X70I_S000001_180124_ID NA 6/7/2018
Lenovo TB3-X70L Affected TB3-X70L_S000022_180116_ROW NA 6/7/2018
Lenovo TB3-X70N Affected NA TB3-X70N_S000005_180131_PRC_P 6/7/2018
Lenovo TB-7304F Affected TB-7304F_S000060_171019_ROW NA 1/23/2019
Lenovo TB-7304I Affected TB-7304I_S000041_171018_ROW NA 1/23/2019
Lenovo TB-7304X Affected TB-7304X_S000038_180126_ROW NA 1/23/2019
Lenovo TB-7504F Affected TB-7504F_S000022_171103_ROW TB-7504F_S000025_180911_PRC 1/23/2019
Lenovo TB-7504X Affected TB-7504X_S000037_171104_ROW NA 1/23/2019
Lenovo TB-8504F Affected TB-8504F_USR_S000050_1711250656_Q12000_ROW NA 6/19/2018
Lenovo TB-8504L Affected TB-8504L_S000020_171225_ROW NA 6/27/2018
Lenovo TB-8504X Affected TB-8504X_USR_S000046_1711250620_Q12000_ROW NA 1/24/2018
Lenovo TB-8704F Affected TB-8704F_USR_S000030_1711231105_Q1241_ROW NA 1/24/2018
Lenovo TB-8704V (Verizon) Affected TB-X704V_S000038_171219_ROW NA 6/27/2018
Lenovo TB-8704V (LRA) Affected TB-8704V_S000006_171227_LRA NA 6/7/2018
Lenovo TB-8704X Affected TB-8704X_USR_S000033_1711231116_Q1241_ROW NA 6/7/2018
Lenovo TB-8804F Affected NA TB-8804F_USR_S000022_1801022155_Q1241_PRC 6/27/2018
Lenovo TB-X304F Affected TB-X304F_S000048_180119_ROW TB-X304F_S000033_180306_PRC 6/7/2018
Lenovo TB-X304L Affected TB-X304L_S000045_180126_ROW NA 6/7/2018
Lenovo TB-X304N Affected NA TB-X304N_S000038_180320_PRC 6/7/2018
Lenovo TB-X304X Affected No plan to fix No plan to fix 6/27/2018
Lenovo TB-X704A Affected TB-X704A_S000064_171218_ATT NA 6/7/2018
Lenovo TB-X704F Affected TB-X704F_S000053_180122_ROW TB-X704F_S000053_180306_PRC 6/7/2018
Lenovo TB-X704L Affected TB-X704L_S000053_180129_ROW NA 6/7/2018
Lenovo TB-X704V Affected TB-X704V_S000004_171218_LRA NA 6/7/2018
Lenovo TB-X704Y Affected No plan to fix No plan to fix 6/27/2018
Lenovo YT-X703F Affected YT-X703F_USR_S000963_1711112111_Q00140_ROW YT-X703F_USR_S000963_1711112134_Q00140_PRC 6/7/2018
Lenovo YT-X703L Affected YT-X703L_USR_S000963_1711112151_Q00140_ROW YT-X703L_USR_S000960_1710250130_Q00140_PRC 6/7/2018
Lenovo YT-X703X Affected YT-X703X_USR_S000963_1711112116_Q00140_ROW NA 6/7/2018


別名 Id:LEN-17125
文件ID:PS500141
原始發布日期:09/18/2017
Last Modified Date:05/09/2019