CVE-2018-9069 - OpenCVE

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:M/Au:S/C:N/I:P/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	V310-15ikb Firmware E52-80 Firmware E42-80 Firmware V310-14ikb Firmware V310-15isk Firmware V510-14ikb Firmware V310-14isk Firmware V510-15ikb Firmware
Hp	320-15ikbrn Firmware Y720-15ikb Firmware Rescuer Y520-15ikbm Yoga 720-13ikb Firmware Ideapad 2in1 14 Lenovo Ideapad Y520-15ikbn Lenovo Ideapad Flex 5-1470 Firmware Rescuer R720-15ikbm Firmware 7000 U42 520s-14ikb Firmware Ideapad 2in1 14 Firmware 510s-14isk Firmware Yoga 310-11iap Firmware Yoga 510-14isk Lenovo Y520-15ikba Firmware Lenovo Ideapad 720s-14ikb R720-15ikbn Firmware Nano110-15ikb Firmware Y520-15ikbn Firmware Lenovo Ideapad Y520-15ikbn Firmware Lenovo Ideapad 520s-14ikbr V310-15isk 320-15ikbra Firmware Lenovo Ideapad 320s-15ikbr 320-15ikbrn Touch Firmware Y720-15ikb 310s-14isk Firmware Lenovo Ideapad 320-14ikb\(i\+a\) Firmware Lenovo Ideapad 320s-15ikbr Firmware Yoga 510-14isk Firmware R720-15ikba Firmware Yoga 310-11iap 710s Plus-3ikb Yoga 720-13ikbr Firmware Lenovo Ideapad 320-14ikb\(i\+a\) B320-14ikb Lenovo V720-14 Firmware Lenovo Y720-15ikb Firmware 710s Plus Touch-13ikb Firmware 320s-15ikb Flex 5-1570 Firmware Flex 5-1570 Lenovo Ideapad 320-15abr Firmware Lenovo Y520-15ikbm 720s-13ikb Lenovo V720-14 320s-15ikb Firmware 520-15ikbrn Firmware 7000 U42 Firmware Lenovo Ideapad 720s-14ikb Firmware E52-80 Lenovo Yoga 520-15ikb 320s-15isk Firmware V330-14isk Firmware 7000-15 U42 Firmware Lenovo Ideapad Flex 5-1570 Nano110-14ikb Firmware Rescuer Y520-15ikbm Firmware 320s-15isk Yoga 720-13ikbr B320-14ikb Firmware 510s-14isk Lenovo Ideapad Flex 5-1570 Firmware V310-14isk V310-15ikb Lenovo Y520-15ikbm Firmware V510-15ikb Lenovo Ideapad 320-15abr Lenovo Y720-15ikb E42-80 V310-14ikb Lenovo Ideapad 320s-14ikbr 320-15ikbra Lenovo Ideapad 320-15ikb\(i\+n\) Firmware 320s-14ikb Lenovo Yoga 520-15ikb Firmware Flex 5-1470 Firmware Y520-15ikba Xiaoxinair13ikbpro Lenovo Tianyi 310-15ikb Firmware Lenovo Tianyi 310-14ikb Firmware 310s-14isk 710s Plus-3ikb Firmware Nano110-15ikb V510-14ikb V330-14ikb Miix 720-12ikb E43-80 Kbl E43-80 Kbl Firmware V330-14isk Lenovo Ideapad 320s-14ikbr Firmware Lenovo Y520-15ikba 520s-14ikb R720-15ikba V330-14ikb Firmware Rescuer R720-15ikbm 320-15ikbrn 710s Plus-13ikb 16g Flex 4-1470 Firmware Y520-15ikba Firmware Yoga 720-15ikb Nano110-14ikb Flex 5-1470 Lenovo Ideapad 520s-14ikbr Firmware Lenovo Tianyi 310-14ikb Lenovo Ideapad 320-15ikb\(i\+n\) Yoga 720-15ikb Firmware Lenovo Ideapad 320-14ikb\(i\+n\) Lenovo Yoga 520-14ikb Firmware 710s Plus-13ikb 16g Firmware Flex 4-1470 R720-15ikbn 320-17ikbrn Lenovo Yoga 520-14ikb Yoga 720-13ikb 320-15ikbrn Touch Lenovo Ideapad Flex 5-1470 Xiaoxinair13ikbpro Firmware 710s Plus Touch-13ikb Y520-15ikbn 520-15ikbrn 720s-13ikb Firmware 7000-15 U42 Lenovo Tianyi 310-15ikb Lenovo Ideapad 320-14ikb\(i\+n\) Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hp:310s-14isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:310s-14isk:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:320-15ikbra_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:320-15ikbra:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:320-15ikbrn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:320-15ikbrn:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:320-15ikbrn_touch_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:320-15ikbrn_touch:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:hp:320-17ikbrn:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:320-17ikbrn:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:hp:320s-14ikb:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:320s-14ikb:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:hp:320s-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:320s-15ikb:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:hp:320s-15isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:320s-15isk:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:hp:510s-14isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:510s-14isk:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:hp:520-15ikbrn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:520-15ikbrn:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:hp:520s-14ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:520s-14ikb:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:hp:710s_plus-13ikb_16g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:710s_plus-13ikb_16g:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:hp:710s_plus-3ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:710s_plus-3ikb:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:hp:xiaoxinair13ikbpro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:xiaoxinair13ikbpro:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:hp:710s_plus_touch-13ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:710s_plus_touch-13ikb:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:hp:720s-13ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:720s-13ikb:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:hp:b320-14ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:b320-14ikb:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:e42-80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:e42-80:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:e52-80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:e52-80:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:hp:flex_4-1470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:flex_4-1470:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:hp:flex_5-1470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:flex_5-1470:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:hp:flex_5-1570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:flex_5-1570:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:hp:ideapad_2in1_14_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:ideapad_2in1_14:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_320-14ikb\(i\+a\)_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_320-14ikb\(i\+a\):-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_320-14ikb\(i\+n\)_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_320-14ikb\(i\+n\):-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_320-15abr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_320-15abr:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_320-15ikb\(i\+n\)_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_320-15ikb\(i\+n\):-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_320s-14ikbr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_320s-14ikbr:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_320s-15ikbr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_320s-15ikbr:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_520s-14ikbr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_520s-14ikbr:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_720s-14ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_720s-14ikb:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_flex_5-1470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_flex_5-1470:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_flex_5-1570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_flex_5-1570:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:hp:lenovo_ideapad_y520-15ikbn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_ideapad_y520-15ikbn:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:hp:lenovo_tianyi_310-14ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_tianyi_310-14ikb:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:hp:lenovo_tianyi_310-15ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_tianyi_310-15ikb:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:hp:lenovo_y520-15ikba_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_y520-15ikba:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:hp:lenovo_y520-15ikbm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_y520-15ikbm:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:hp:lenovo_yoga_520-14ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_yoga_520-14ikb:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:hp:lenovo_yoga_520-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_yoga_520-15ikb:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:h:hp:miix_720-12ikb:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:miix_720-12ikb:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:hp:nano110-14ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:nano110-14ikb:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:hp:nano110-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:nano110-15ikb:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:hp:rescuer_r720-15ikbm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:rescuer_r720-15ikbm:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:hp:rescuer_y520-15ikbm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:rescuer_y520-15ikbm:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:lenovo:v310-14ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:v310-14ikb:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:lenovo:v310-14isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:v310-14isk:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:lenovo:v310-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:v310-15ikb:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:lenovo:v310-15isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:v310-15isk:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:hp:v330-14ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:v330-14ikb:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:hp:v330-14isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:v330-14isk:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:lenovo:v510-14ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:v510-14ikb:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:lenovo:v510-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:v510-15ikb:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:hp:yoga_310-11iap_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:yoga_310-11iap:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:hp:yoga_510-14isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:yoga_510-14isk:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:hp:yoga_720-13ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:yoga_720-13ikb:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:hp:yoga_720-13ikbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:yoga_720-13ikbr:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:hp:yoga_720-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:yoga_720-15ikb:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:hp:lenovo_v720-14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_v720-14:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:hp:7000_u42_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:7000_u42:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND

cpe:2.3:o:hp:7000-15_u42_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:7000-15_u42:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

cpe:2.3:o:hp:r720-15ikba_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:r720-15ikba:-:*:*:*:*:*:*:*

Configuration 63 [-]

AND

cpe:2.3:o:hp:y520-15ikba_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:y520-15ikba:-:*:*:*:*:*:*:*

Configuration 64 [-]

AND

cpe:2.3:o:hp:r720-15ikbn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:r720-15ikbn:-:*:*:*:*:*:*:*

Configuration 65 [-]

AND

cpe:2.3:o:hp:y520-15ikbn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:y520-15ikbn:-:*:*:*:*:*:*:*

Configuration 66 [-]

AND

cpe:2.3:o:hp:y720-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:y720-15ikb:-:*:*:*:*:*:*:*

Configuration 67 [-]

AND

cpe:2.3:o:hp:lenovo_y720-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:lenovo_y720-15ikb:-:*:*:*:*:*:*:*

Configuration 68 [-]

AND

cpe:2.3:o:hp:e43-80_kbl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:e43-80_kbl:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/solutions/LEN-20184	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2018-10-02T14:00:00

Updated: 2018-10-02T13:57:01

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9069

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-02T13:29:00.443

Modified: 2020-02-18T20:54:46.333

Link: CVE-2018-9069

JSON object: View

Redhat Information

No data.

CWE

CWE-362