CVE-2024-26836

HIGH

Linux kernel - Privilege Escalation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed (if Admin password is enabled). Tested on some Thinkpads to confirm they are OK with this order too.

References (3)

[Patch] https://git.kernel.org/stable/c/2bfbe1e0aed00ba51d58573c79452fada3f62ed4

[Patch] https://git.kernel.org/stable/c/2deb10a99671afda30f834e95e5b992a805bba6a

[Patch] https://git.kernel.org/stable/c/6f7d0f5fd8e440c3446560100ac4ff9a55eec340

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (8)

linux/linux_kernel < 6.6.55

linux/linux_kernel

linux/Kernel < 6.6.55linux

linux/Kernel < 6.7.7linux

Timeline

Published Apr 17, 2024

Tracked Since Feb 18, 2026