Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models

posted onFebruary 10, 2018
by l33tdawg
https://trtpost-wpengine.netdna-ssl.com/files/2018/02/ThinkPad_Lenovo_Yoga-680x400.jpg
Credit: Threat Post

Lenovo warned customers on Friday that two critical Broadcom vulnerabilities impacts 25 models of its popular ThinkPad brand. The vulnerabilities were first revealed in September and originally they were only reported to impact specific Broadcom chipsets used in Apple iPhones, Apple TV and Android devices.

Lenovo has expanded that list to include two dozen ThinkPads that use Broadcom’s BCM4356 Wireless LAN Driver for Windows 10. According to the Lenovo advisory, the Wi-Fi chipsets contain the same firmware vulnerabilities CVE-2017-11120 and CVE-2017-11121 patched by Apple and Google in September.

Both vulnerabilities are tied to controllers used by Broadcom’s wireless LAN driver that contain buffer overflow flaws, which can be exploited by an attacker that can gain arbitrary code execution on the adapter, but not the targeted system’s CPU.  Both CVEs are rated “critical” and have scores of 10 on Mitre’s CVSS scale.

Source

Tags

Security

You May Also Like

Other Articles In This Section

Recent News

Monday, May 21st

France, China, and the EU All Have an AI Strategy. Shouldn’t the US?
A New Look Inside Theranos’ Dysfunctional Corporate Culture
IPv6 growth is slowing and no one knows why
Could You Upload Your Brain?
Why you shouldn't worry about radiation from your Wi-Fi router or iPhone
Asteroid orbiting the wrong way outed as an 'alien'
Apple cracks down on CallKit-enabled apps in China’s App Store

Thursday, May 17th

What Happened to Facebook's Grand Plan to Wire the World?
Google’s Chrome browser to drop secure label for all HTTPS sites
Tel Aviv Stock Exchange plans blockchain securities lending platform
North Korea May Be Secretly Selling Face Recognition Tech Abroad Through Front Companies
Website leaked real-time location of most US cell phones to almost anyone

Monday, May 14th

Critical PGP and S/MIME bugs can reveal encrypted e-mails. Uninstall now
Facial-recognition software inaccurate in 98% of cases, report finds

Tuesday, May 8th

4 Firefox extensions to install now
Bad guys have something new to play with! Microsoft Excel adds support for JavaScript
Equifax reveals full horror of that monstrous cyber-heist of its servers
Ukrainian Securities Regulator To Consider Crypto As Financial Instrument
Red Hat smitten by secure enclaves 'cos some sysadmins are evil
Magical Money - the ICO crypto-currency boom
May Patch Tuesday Fixes Two Bugs Under Active Attack
Sierra Wireless Patches Critical Vulns in Range of Wireless Routers
Google’s ML Kit offers easy machine learning APIs for Android and iOS
Apple: All app updates must support the iPhone X and iOS 11 come July

Saturday, May 5th

How FREE VPNs Sell Your Data

Thursday, May 3rd

Just because you can solve your problems with a blockchain, doesn't mean you should - Zulfikar Ramzan.
North Korea Denies it Hacked UN Sanctions Committee Database
Your Instagram #Dogs and #Cats Are Training Facebook's AI
Cambridge Analytica shuts down after Facebook user data scandal

Wednesday, May 2nd

Industry CMO on the Downstream Risks of "Logo Disclosures"
GitHub Exposed Passwords of Some Users
Apple meets with California DMV officials to discuss autonomous vehicles
Security Trade-Offs in the New EU Privacy Law
Oculus Go review: The wireless-VR future begins today for only $199
Mark Zuckerberg Says It Will Take 3 Years to Fix Facebook