ID

VAR-E-201606-0744


TITLE

Lenovo ThinkPad System Management Mode Local Privilege Escalation Vulnerability

Trust: 0.3

sources: BID: 91538

DESCRIPTION

Lenovo ThinkPad is prone to a local privilege escalation vulnerability.
A local attacker can leverage this issue to execute arbitrary code with administrative privileges in the context of the System Management Mode.

Trust: 0.3

sources: BID: 91538

AFFECTED PRODUCTS

vendor:lenovomodel:thinkpad yoga 11escope:eqversion:0

Trust: 0.9

vendor:lenovomodel:thinkpad carbonscope:eqversion:x10

Trust: 0.6

vendor:lenovomodel:thinkpad tabletscope:eqversion:80

Trust: 0.6

vendor:lenovomodel:thinkpad tabletscope:eqversion:100

Trust: 0.6

vendor:lenovomodel:thinkstation d30 (typescope:eqversion:4353-4354)0

Trust: 0.3

vendor:lenovomodel:thinkstation d30 (typescope:eqversion:4223-4228-4229)0

Trust: 0.3

vendor:lenovomodel:thinkstation c30 (typescope:eqversion:1136-1137)0

Trust: 0.3

vendor:lenovomodel:thinkstation c30 (typescope:eqversion:1095-1096-1097)0

Trust: 0.3

vendor:lenovomodel:thinkpad yogascope:eqversion:150

Trust: 0.3

vendor:lenovomodel:thinkpadscope:eqversion:x2500

Trust: 0.3

vendor:lenovomodel:thinkpad x240sscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpadscope:eqversion:x2400

Trust: 0.3

vendor:lenovomodel:thinkpad x230sscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad x230i tabletscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad x230iscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad tabletscope:eqversion:x2300

Trust: 0.3

vendor:lenovomodel:thinkpadscope:eqversion:x2300

Trust: 0.3

vendor:lenovomodel:thinkpad x140escope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad x131escope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad w550sscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad w541scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad w540scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad w530scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad ultrazoomscope:eqversion:1

Trust: 0.3

vendor:lenovomodel:thinkpad ultranav wizardscope:eqversion:3

Trust: 0.3

vendor:lenovomodel:thinkpad twist/edge s230scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t550scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t540pscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t530iscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t530scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t450sscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t450scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t440sscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t440pscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t440scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t431sscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t430siscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t430sscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t430iscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t430scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad t430scope:eqversion: -

Trust: 0.3

vendor:lenovomodel:thinkpad t420scope:eqversion: -

Trust: 0.3

vendor:lenovomodel:thinkpad t400scope:eqversion: -

Trust: 0.3

vendor:lenovomodel:thinkpad s540scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad s531scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad s430scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad s3-s440scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad s3 yogascope:eqversion:140

Trust: 0.3

vendor:lenovomodel:thinkpad l540scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad l450scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad l440scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad l430scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad helixscope:eqversion:(3xxx)0

Trust: 0.3

vendor:lenovomodel:thinkpad helixscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad edge s430scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad edge e555scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad edge e455scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad e565scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad e465scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad 11escope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpadscope:eqversion:100

Trust: 0.3

vendor:lenovomodel:thinkpadscope:eqversion:x61

Trust: 0.3

vendor:lenovomodel:thinkpadscope:eqversion:x220

Trust: 0.3

vendor:lenovomodel:thinkpadscope:eqversion:x201

Trust: 0.3

vendor:lenovomodel:thinkpad t61scope: - version: -

Trust: 0.3

vendor:lenovomodel:thinkpad t60scope: - version: -

Trust: 0.3

vendor:lenovomodel:thinkpad t530scope: - version: -

Trust: 0.3

vendor:lenovomodel:thinkpad t430scope: - version: -

Trust: 0.3

vendor:lenovomodel:thinkpad t43scope: - version: -

Trust: 0.3

vendor:lenovomodel:thinkpad t410scope: - version: -

Trust: 0.3

vendor:lenovomodel:system m5scope:eqversion:x36500

Trust: 0.3

vendor:lenovomodel:system m5scope:eqversion:x35500

Trust: 0.3

vendor:lenovomodel:system m5scope:eqversion:x35000

Trust: 0.3

vendor:lenovomodel:ideapad z50-75scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad yogascope:eqversion:3140

Trust: 0.3

vendor:lenovomodel:ideapad s41-75scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad s41-35scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad m41-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad k41-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad g70-35scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad g51-35scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad g50-70mscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad g41-35scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad g40-75mscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad flexscope:eqversion:3-15700

Trust: 0.3

vendor:lenovomodel:ideapad flexscope:eqversion:3-14700

Trust: 0.3

vendor:lenovomodel:ideapad flex 3-1435scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:ideapad 305-15ihwscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:flex systemscope:eqversion:x880x60

Trust: 0.3

vendor:lenovomodel:flex systemscope:eqversion:x8800

Trust: 0.3

vendor:lenovomodel:flex systemscope:eqversion:x480x60

Trust: 0.3

vendor:lenovomodel:flex systemscope:eqversion:x280x60

Trust: 0.3

vendor:lenovomodel:flex system m5scope:eqversion:x2400

Trust: 0.3

sources: BID: 91538

EXPLOIT

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

Trust: 0.3

sources: BID: 91538

PRICE

Free

Trust: 0.3

sources: BID: 91538

TYPE

Unknown

Trust: 0.3

sources: BID: 91538

CREDITS

Dmytro Oleksiuk

Trust: 0.3

sources: BID: 91538

EXTERNAL IDS

db:LENOVOid:LEN-8324

Trust: 0.3

db:BIDid:91538

Trust: 0.3

sources: BID: 91538

REFERENCES

url:http://www.lenovo.com/ca/en/

Trust: 0.3

url:http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html

Trust: 0.3

url:https://github.com/cr4sh/thinkpwn

Trust: 0.3

url:https://support.lenovo.com/us/en/solutions/len-8324

Trust: 0.3

sources: BID: 91538

SOURCES

db:BIDid:91538

LAST UPDATE DATE

2022-07-27T09:51:49.012000+00:00


SOURCES UPDATE DATE

db:BIDid:91538date:2016-07-14T20:00:00

SOURCES RELEASE DATE

db:BIDid:91538date:2016-06-30T00:00:00