Vulnerability Description
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | System Management Module Firmware | < 1.06 |
| Lenovo | ThinkAgile HX Enclosure 7X81 | - |
| Lenovo | ThinkAgile HX Enclosure 7Y87 | - |
| Lenovo | ThinkAgile HX Enclosure 7Z02 | - |
| Lenovo | ThinkAgile VX Enclosure 7Y11 | - |
| Lenovo | ThinkAgile VX Enclosure 7Y91 | - |
| Lenovo | ThinkSystem D2 Enclosure 7X20 | - |
| Lenovo | ThinkSystem Modular Enclosure 7X22 | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/solutions/LEN-24374 (Vendor Advisory)
FAQ
What is CVE-2018-16091?
CVE-2018-16091 is a vulnerability with a CVSS score of 8.1 (HIGH). In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
How severe is CVE-2018-16091?
CVE-2018-16091 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-16091?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo System Management Module Firmware, Lenovo ThinkAgile HX Enclosure 7X81, Lenovo ThinkAgile HX Enclosure 7Y87, Lenovo ThinkAgile HX Enclosure 7Z02, Lenovo ThinkAgile VX Enclosure 7Y11.