Lenovo Security Advisory: LEN-15084
Potential Impact: Attacker with physical or administrative access could flash malicious BIOS code
Severity: High
**Scope of Impact:**Lenovo Specific
**CVE Identifier:**CVE-2017-3754
Summary Description:
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to the latest version of BIOS for your system by following the links below or by using Lenovo System Update.
Lenovo Notebooks Impacted:
Product | Status | Minimum Version Required to Fix | Link to Update | Last Updated |
---|---|---|---|---|
110-14IBR/110-15IBR | Not Affected | 7/13/2017 | ||
110-14ISK | Not Affected | 7/13/2017 | ||
110-15ACL | Not Affected | 7/13/2017 | ||
110-15ISK | Not Affected | 7/13/2017 | ||
110-17ACL | Not Affected | 7/13/2017 | ||
120s-11IAP | Not Affected | 7/13/2017 | ||
120s-14IAP | Not Affected | 7/13/2017 | ||
310 Touch-15IKB | Not Affected | 7/13/2017 | ||
310-14IKB | Not Affected | 7/13/2017 | ||
310-14ISK | Not Affected | 7/13/2017 | ||
310-15IKB | Not Affected | 7/13/2017 | ||
310-15ISK | Not Affected | 7/13/2017 | ||
310S-11IAP | Not Affected | 7/13/2017 | ||
310S-14AST | Not Affected | 7/13/2017 | ||
310S-14IKB | Not Affected | 7/13/2017 | ||
310S-14ISK | Not Affected | 7/13/2017 | ||
310S-15IKB | Not Affected | 7/13/2017 | ||
310S-15ISK | Not Affected | 7/13/2017 | ||
320-15IKBRA | Not Affected | 7/13/2017 | ||
320-15IKBRN | Not Affected | 7/13/2017 | ||
320-15IKBRN Touch | Not Affected | 7/13/2017 | ||
320-17ABR | Not Affected | 7/13/2017 | ||
320-17AST | Affected | 5PCN15WW | <http://pcsupport.lenovo.com/downloads/DS122071> | 7/13/2017 |
320-17IKBRN | Not Affected | 7/13/2017 | ||
320S-14IKB | Not Affected | 7/13/2017 | ||
320S-15ABR | Not Affected | 7/13/2017 | ||
320S-15AST | Not Affected | 7/13/2017 | ||
320S-15IKB | Not Affected | 7/13/2017 | ||
320S-15ISK | Not Affected | 7/13/2017 | ||
510-15IKB | Not Affected | 7/13/2017 | ||
510-15ISK | Not Affected | 7/13/2017 | ||
510S-13IKB | Not Affected | 7/13/2017 | ||
510S-14IKB | Not Affected | 7/13/2017 | ||
510S-14ISK | Not Affected | 7/13/2017 | ||
520-15IKBRN | Not Affected | 7/13/2017 | ||
520S-14IKB | Not Affected | 7/13/2017 | ||
520S-15IKB | Not Affected | 7/13/2017 | ||
710S Plus T-13IKBR | Not Affected | 7/13/2017 | ||
710S Plus-13IKB 16G | Not Affected | 7/13/2017 | ||
710S Plus-13IKBR | Not Affected | 7/13/2017 | ||
710S Plus-13ISK/XiaoXinAir13Pro | Not Affected | 7/13/2017 | ||
710S Plus-3IKB/XiaoXinAir13IKBPro | Not Affected | 7/13/2017 | ||
710s-13IKB/XiaoXin Air 13IKB | Affected | 3HCN19WW | <http://pcsupport.lenovo.com/downloads/DS118654> | 7/13/2017 |
710S-13ISK/XiaoXin Air 13 | Affected | 0NCN34WW | <http://pcsupport.lenovo.com/downloads/DS112513> | 7/13/2017 |
720S Touch-13IKBR | Not Affected | 7/13/2017 | ||
720S-13IKB | Not Affected | 7/13/2017 | ||
720S-13IKBR | Not Affected | 7/13/2017 | ||
720S-14IKBR | Not Affected | 7/13/2017 | ||
B320-14IAP | Not Affected | 7/13/2017 | ||
B320-14IKB | Not Affected | 7/13/2017 | ||
B41-30 | Not Affected | 7/13/2017 | ||
B41-80 | Not Affected | 7/13/2017 | ||
B51-30 | Not Affected | 7/13/2017 | ||
B51-80 | Not Affected | 7/13/2017 | ||
E41-10 | Not Affected | 7/13/2017 | ||
E41-15(Beema) | Not Affected | 7/13/2017 | ||
E41-15(CZ-L) | Not Affected | 7/13/2017 | ||
E42-80 | Not Affected | 7/13/2017 | ||
E52-80 | Not Affected | 7/13/2017 | ||
Flex 4-1130 | Not Affected | 7/13/2017 | ||
FLEX 4-1435 | Not Affected | 7/13/2017 | ||
FLEX 4-1470 | Not Affected | 7/13/2017 | ||
FLEX 4-1480 | Not Affected | 7/13/2017 | ||
FLEX 4-1570 | Not Affected | 7/13/2017 | ||
FLEX 4-1580 | Not Affected | 7/13/2017 | ||
FLEX 5-1470 | Not Affected | 7/13/2017 | ||
FLEX 5-1570 | Not Affected | 7/13/2017 | ||
Flex 6-1130 | Not Affected | 7/13/2017 | ||
ideapad 100S-14IBR | Not Affected | 7/13/2017 | ||
ideapad 110S-11IBR | Not Affected | 7/13/2017 | ||
K21-80 | Affected | D8CN45WW | Contact your local servicer | 7/13/2017 |
K22-80/Lenovo V720-12 | Affected | 1NCN34WW | <http://support1.lenovo.com.cn/lenovo/wsi/Modules/DriverDetail.aspx?ID=49061> | 7/13/2017 |
K41-80 | Affected | D2CN55WW | Contact your local servicer | 7/13/2017 |
K42-80 ISK | Not Affected | 7/13/2017 | ||
K42-80 KBLR | Not Affected | 7/13/2017 | ||
Lenovo ideapad 110-14AST | Affected | 3UCN26WW | <http://pcsupport.lenovo.com/downloads/DS119389> | 7/13/2017 |
Lenovo ideapad 110-15AST | Affected | 3UCN26WW | <http://pcsupport.lenovo.com/downloads/DS119389> | 7/13/2017 |
Lenovo ideapad 110-17IKB | Not Affected | 7/13/2017 | ||
Lenovo ideapad 110-17ISK | Not Affected | 7/13/2017 | ||
Lenovo ideapad 310-14IAP | Not Affected | 7/13/2017 | ||
Lenovo ideapad 310-15IAP | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-14AST | Affected | 5PCN15WW | <http://pcsupport.lenovo.com/downloads/DS122071> | 7/13/2017 |
Lenovo ideapad 320-14IAP | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-14IKB(I+A) | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-14IKB(I+N) | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-14ISK | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-15ABR | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-15AST | Affected | 5PCN15WW | <http://pcsupport.lenovo.com/downloads/DS122071> | 7/13/2017 |
Lenovo ideapad 320-15IAP | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-15IKB(I+A) | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-15IKB(I+N) | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-15IKBN Touch | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-15ISK | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-17IKB | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320-17ISK | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320s-14IKB | Not Affected | 7/13/2017 | ||
Lenovo ideapad 320s-15IKB | Not Affected | 7/13/2017 | ||
Lenovo ideapad 520s-14IKB | Not Affected | 7/13/2017 | ||
Lenovo ideapad 720S-14IKB | Not Affected | 7/13/2017 | ||
Lenovo ideapad FLEX 5-1470 | Not Affected | 7/13/2017 | ||
Lenovo ideapad FLEX 5-1570 | Not Affected | 7/13/2017 | ||
Lenovo ideapad Y520-15IKBN | Not Affected | 7/13/2017 | ||
Lenovo N22 | Not Affected | 7/13/2017 | ||
Lenovo N23 | Not Affected | 7/13/2017 | ||
Lenovo V320-17IKB | Not Affected | 7/13/2017 | ||
Lenovo V320-17ISK | Not Affected | 7/13/2017 | ||
Lenovo XiaoXin 310-14IKB | Not Affected | 7/13/2017 | ||
Lenovo XiaoXin Rui7000 | Affected | 3ZCN30WW | Contact your local servicer | 7/13/2017 |
Lenovo Y520-15IKBA | Not Affected | 7/13/2017 | ||
Lenovo YOGA 520-14IKB | Not Affected | 7/13/2017 | ||
MIIX 210-10ICR | Not Affected | 7/13/2017 | ||
Miix 320-10ICR | Not Affected | 7/13/2017 | ||
Miix 510-12IKB | Not Affected | 7/13/2017 | ||
Miix 510-12ISK | Not Affected | 7/13/2017 | ||
MIIX 520-12IKB | Not Affected | 7/13/2017 | ||
MIIX 710-12IKB | Affected | 3TCN31WW | <http://pcsupport.lenovo.com/downloads/DS119008> | 7/13/2017 |
MIIX 720-12IKB | Affected | 3SCN57WW | <http://pcsupport.lenovo.com/downloads/DS119559> | 7/13/2017 |
N22 Chromebook | Not Affected | 7/13/2017 | ||
N24 | Not Affected | 7/13/2017 | ||
N42-20 Chromebook | Not Affected | 7/13/2017 | ||
N42-20 Touch Chromebook | Not Affected | 7/13/2017 | ||
Nano110-14IKB | Not Affected | 7/13/2017 | ||
Nano110-15IKB | Not Affected | 7/13/2017 | ||
Rescuer E520-15IKB | Affected | 3ZCN30WW | Contact your local servicer | 7/13/2017 |
V110-14AST | Not Affected | 7/13/2017 | ||
V110-14IAP | Affected | 1MCN40WW | <http://pcsupport.lenovo.com/downloads/DS120211> | 7/13/2017 |
V110-15AST | Not Affected | 7/13/2017 | ||
V110-15IAP | Affected | 1MCN40WW | <http://pcsupport.lenovo.com/downloads/DS120211> | 7/13/2017 |
V110-15IKB | Affected | 2TCN18WW | <http://pcsupport.lenovo.com/downloads/DS121691> | 7/13/2017 |
V110-15ISK | Affected | 1KCN34WW | <http://pcsupport.lenovo.com/downloads/DS119358> | 7/13/2017 |
V110-17IKB | Not Affected | 7/13/2017 | ||
V110-17ISK | Not Affected | 7/13/2017 | ||
V310-14IKB | Not Affected | 7/13/2017 | ||
V310-14ISK | Not Affected | 7/13/2017 | ||
V310-15IKB | Not Affected | 7/13/2017 | ||
V310-15ISK | Not Affected | 7/13/2017 | ||
V330-14IKB | Not Affected | 7/13/2017 | ||
V330-14ISK | Not Affected | 7/13/2017 | ||
V510-14IKB | Not Affected | 7/13/2017 | ||
V510-15IKB | Not Affected | 7/13/2017 | ||
V720-14 KBLR | Not Affected | 7/13/2017 | ||
XiaoXin 310-14ISK | Not Affected | 7/13/2017 | ||
XiaoXin 510S-14IKB | Not Affected | 7/13/2017 | ||
XiaoXin 510S-14ISK | Not Affected | 7/13/2017 | ||
XiaoXin Air-IKBR | Not Affected | 7/13/2017 | ||
XiaoXin ๆฝฎ7000 | Not Affected | 7/13/2017 | ||
XX CHAO5000-IKBRA | Not Affected | 7/13/2017 | ||
Y910-17ISK | Not Affected | 7/13/2017 | ||
Y920-17IKB | Not Affected | 7/13/2017 | ||
Yoga 300-11IBR | Not Affected | 7/13/2017 | ||
Yoga 310-11IAP | Not Affected | 7/13/2017 | ||
YOGA 330-11IGM | Not Affected | 7/13/2017 | ||
YOGA 510-14AST | Not Affected | 7/13/2017 | ||
YOGA 510-14IKB | Not Affected | 7/13/2017 | ||
YOGA 510-14ISK | Not Affected | 7/13/2017 | ||
YOGA 510-15IKB | Not Affected | 7/13/2017 | ||
YOGA 510-15ISK | Not Affected | 7/13/2017 | ||
YOGA 520-14IKB | Not Affected | 7/13/2017 | ||
YOGA 710-11IKB | Affected | 3RCN23WW | <http://pcsupport.lenovo.com/downloads/DS118652> | 7/13/2017 |
YOGA 710-14IKB | Not Affected | 7/13/2017 | ||
YOGA 710-15IKB | Not Affected | 7/13/2017 | ||
YOGA 720-12IKB | Not Affected | 7/13/2017 | ||
Yoga 720-13IKB | Not Affected | 7/13/2017 | ||
Yoga 720-13IKBR | Not Affected | 7/13/2017 | ||
Yoga 720-15IKB | Not Affected | 7/13/2017 | ||
YOGA 910-13IKB | Not Affected | 7/13/2017 | ||
YOGA 920-13IKB | Not Affected | 7/13/2017 | ||
ZhaoYang K42-80 | ||||
Lenovo V720-14 | Not Affected | 7/13/2017 | ||
ๅฐๆฐ ๆฝฎ7000-15 | Not Affected | 7/13/2017 | ||
ๆฏๆ่ R720-15IKBA | Not Affected | 7/13/2017 | ||
ๆฏๆ่ R720-15IKBN | Not Affected | 7/13/2017 | ||
ๆฏๆ่ Y520-15IKBN | Not Affected | 7/13/2017 | ||
ๆฏๆ่ Y720-15IKB | ||||
Lenovo Y720-15IKB | Not Affected | 7/13/2017 |
For a complete list of all Lenovo Product Security Advisories, click here.
Revision History:
Revision
|
Date
|
Description
โ|โ|โ
1
|
7/13/2017
|
Initial release
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as โas isโ basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.