CVE-2018-9062
MEDIUM
Lenovo ThinkPad and V Series Firmware - Arbitrary Code Execution via Improper BIOS Region Check
Title source: llm
Description
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
References (2)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105387
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-20527
Scores
CVSS v3
6.8
EPSS
0.0015
EPSS Percentile
34.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (39)
lenovo/e42-80_firmware
< 2wcn40ww
lenovo/e42-80_isk_firmware
< 0zcn48ww
lenovo/e52-80_firmware
< 2wcn40ww
lenovo/e52-80_isk_firmware
< 0zcn48ww
lenovo/miix_720-12ikb_firmware
< 3scn68ww
lenovo/thinkpad_e480_firmware
< r0pet47w
lenovo/thinkpad_e580_firmware
< r0pet47w
lenovo/thinkpad_l380_firmware
< r0ret28w
lenovo/thinkpad_l480_firmware
< r0qet47w
lenovo/thinkpad_l580_firmware
< r0qet47w
... and 29 more
Published
Jul 19, 2018
Tracked Since
Feb 18, 2026