CVE-2018-9069

CWE-362 — Race Condition3 documents3 sources

Severity

5.9MEDIUM

EPSS

0.2%

top 56.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Group LTD Ideapad HP 310s-14isk Firmware HP 320-15ikbra Firmware +53 more

Timeline

PublishedOct 2

Latest updateMay 13

Description

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.7 | Impact: 5.2

Affected Packages56 packages

▶CVEListV5lenovo_group_ltd/ideapadvarious — various

▶NVDhp/lenovo_ideapad_720s-14ikb_firmware< 6jcn26ww

▶NVDhp/lenovo_ideapad_flex_5-1470_firmware< 6jcn26ww

▶NVDhp/lenovo_ideapad_flex_5-1570_firmware< 6jcn26ww

▶NVDlenovo/e42-80_firmware< 2wcn38ww

🔴Vulnerability Details

GHSA

GHSA-p7mj-q6cv-6qw2: In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, pote↗2022-05-13

▶

CVEList

BIOS Write Protection Race Condition↗2018-10-02

▶