Security Warnings

Classification
These posts contain security warnings, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Lenovo Updates

373

Warning Date: 11 November, 2020

Severity Level ● High

Warning Number: 2020-2040

Target Sector: All

Description:

Lenovo has released a security updates to address multiple vulnerabilities in the following products:

  • Lenovo Notebook/IdeaPad/ThinkBooks
    • Intel PROSet Wireless WiFi Software
    • Intel Thunderbolt DCH Drivers for Windows
    • Intel Wireless Bluetooth
    • Intel High Definition Audio
    • Intel CSME, SPS, TXE, DAL and AMT
    • BIOS
    • Intel Graphics Driver for Windows
  • ThinkPad
    • Intel PROSet Wireless WiFi Software
    • Intel Thunderbolt DCH Drivers for Windows
    • Intel Wireless Bluetooth
    • Intel CSME, SPS, TXE, DAL and AMT
    • BIOS
    • Intel Graphics Driver for Windows
  • ThinkServer
    • Intel High Definition Audio
    • Intel CSME, SPS, TXE, DAL and AMT
    • BIOS
    • Intel Graphics Driver for Windows
  • ThinkSystem
    • NetApp SANtricity OS Controller Software
    • NetApp Clustered Data ONTAP 9.7.x
    • Intel CSME, SPS, TXE, DAL and AMT
    • BIOS
    • AMI MegaRAC SP-X BMC
    • Intel Graphics Driver for Windows
  • Hyperscale
    • Intel CSME, SPS, TXE, DAL and AMT
    • BIOS
    • AMI MegaRAC SP-X BMC
  • Converged HX
    • BIOS
  • Desktop
    • Intel PROSet Wireless WiFi Software
    • Intel Thunderbolt DCH Drivers for Windows
    • Intel Wireless Bluetooth
    • Intel CSME, SPS, TXE, DAL and AMT
    • BIOS
  • Desktop - All in One
    • Intel PROSet Wireless WiFi Software
    • Intel Thunderbolt DCH Drivers for Windows
    • Intel Wireless Bluetooth
    • Intel HID Event Filter Driver
    • Intel CSME, SPS, TXE, DAL and AMT
    • BIOS
  • Storage
    • BIOS
  • System x
    • BIOS
  • ThinkAgile
    • Intel CSME, SPS, TXE, DAL and AMT
    • BIOS
  • ThinkStation
    • Intel PROSet Wireless WiFi Software
    • Intel Thunderbolt DCH Drivers for Windows
    • Intel Wireless Bluetooth
    • Intel CSME, SPS, TXE, DAL and AMT
    • BIOS
  • Tablets
    • Intel CSME, SPS, TXE, DAL and AMT

Threats:

An attacker could exploit these vulnerabilities by doing the following:

  • Privileges escalation
  • Denial of service (DoS)
  • Information disclosure

Best practice and Recommendations:

The CERT team encourages users to apply the necessary updates, and for details on the affected versions and components, please review Lenovo security advisory:

Last updated at 11 November, 2020