Security
Headlines
HeadlinesLatestCVEs

Tag

#lenovo

CVE-2021-42848: 联想中国(Lenovo China)联想知识库

An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.

CVE
Open in Source
#vulnerability#lenovo#auth
Black Hat Asia: Firmware Supply-Chain Woes Plague Device Security

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.

CVE-2021-4210: Multi-vendor BIOS Security Vulnerabilities (February 2022) - Lenovo Support DE

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVE-2021-3897: Authentication Bypass Vulnerabilities in FPC2 and SMM Firmware - Lenovo Support DE

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.

Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities

Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.

CVE-2021-3752: [PATCH 5.15 187/917] Bluetooth: fix use-after-free error in lock_sock_nested()

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2021-42370: Storage Monitoring EMC² IBM Hitachi HPE NetApp Lenovo

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)

CVE-2019-25045

An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.

CVE-2020-14356: kernel NULL pointer dereference in __cgroup_bpf_run_filter_skb

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVE-2020-24394: #962254 - NFSv4.2: umask not applied on filesystem without ACL support

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.