Vulnerability Description
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | 310S-14Isk Firmware | < 1.15 |
| Hp | 310S-14Isk | - |
| Hp | 320-15Ikbra Firmware | < 6jcn24ww |
| Hp | 320-15Ikbra | - |
| Hp | 320-15Ikbrn Firmware | < 6jcn24ww |
| Hp | 320-15Ikbrn | - |
| Hp | 320-15Ikbrn Touch Firmware | < 6jcn24ww |
| Hp | 320-15Ikbrn Touch | - |
| Hp | 320-17Ikbrn | < 2.09 |
| Hp | 320S-14Ikb | < 2.09 |
| Hp | 320S-15Ikb Firmware | < 2.09 |
| Hp | 320S-15Ikb | - |
| Hp | 320S-15Isk Firmware | < 2wcn38ww |
| Hp | 320S-15Isk | - |
| Hp | 510S-14Isk Firmware | < 1.15 |
| Hp | 510S-14Isk | - |
| Hp | 520-15Ikbrn Firmware | < 6jcn26ww |
| Hp | 520-15Ikbrn | - |
| Hp | 520S-14Ikb Firmware | < 2.09 |
| Hp | 520S-14Ikb | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/solutions/LEN-20184Vendor Advisory
- https://support.lenovo.com/us/en/solutions/LEN-20184Vendor Advisory
FAQ
What is CVE-2018-9069?
CVE-2018-9069 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator ac...
How severe is CVE-2018-9069?
CVE-2018-9069 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9069?
Check the references section above for vendor advisories and patch information. Affected products include: Hp 310S-14Isk Firmware, Hp 310S-14Isk, Hp 320-15Ikbra Firmware, Hp 320-15Ikbra, Hp 320-15Ikbrn Firmware.