CVE-2018-16091Improper Restriction of Operations within the Bounds of a Memory Buffer in Lenovo System Management Module Firmware

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.4%
top 40.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Lenovo Thinksystem SMMLenovo System Management Module Firmware
Timeline
PublishedNov 27
Latest updateMay 14

Description

In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5lenovo/thinksystem_smmunspecified1.06

🔴Vulnerability Details

2
GHSA
GHSA-p9vj-3h39-96p7: In System Management Module (SMM) versions prior to 12022-05-14
CVEList
System Management Module Vulnerabilities2018-11-27
CVE-2018-16091 — Lenovo vulnerability | cvebase