Skip to main content

Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models

posted onFebruary 10, 2018
by l33tdawg

Lenovo warned customers on Friday that two critical Broadcom vulnerabilities impacts 25 models of its popular ThinkPad brand. The vulnerabilities were first revealed in September and originally they were only reported to impact specific Broadcom chipsets used in Apple iPhones, Apple TV and Android devices.

Lenovo has expanded that list to include two dozen ThinkPads that use Broadcom’s BCM4356 Wireless LAN Driver for Windows 10. According to the Lenovo advisory, the Wi-Fi chipsets contain the same firmware vulnerabilities CVE-2017-11120 and CVE-2017-11121 patched by Apple and Google in September.

Both vulnerabilities are tied to controllers used by Broadcom’s wireless LAN driver that contain buffer overflow flaws, which can be exploited by an attacker that can gain arbitrary code execution on the adapter, but not the targeted system’s CPU.  Both CVEs are rated “critical” and have scores of 10 on Mitre’s CVSS scale.




You May Also Like

Recent News

Monday, February 19th

Thursday, February 15th

Tuesday, February 13th

Monday, February 12th

Sunday, February 11th

Saturday, February 10th