LENOVO:PS500178-TPM-20-SLEEP-WAKE-ERROR-IN-BIOS-FIRMWARE-NOSID
History: Jul 26, 2018 - 4:56 p.m.

TPM 2.0 Sleep-Wake Error in BIOS Firmware - Lenovo Support NL

2018-07-26 16:56:00
support.lenovo.com

EPSS: 0

Percentile: 5.1%

Lenovo Security Advisory: LEN-20494

**Potential Impact:** Local security-bypass

Severity: Medium

Scope of Impact: Industry-wide

CVE Identifier: CVE-2018-6622

Summary Description:

Lenovo was notified of a potential security bypass vulnerability in BIOS firmware for managing the TPM 2.0 device. If an attacker gains Windows administrator rights and then modifies the Windows kernel so it does not properly prepare the TPM for entering sleep (S3), the TPM may later wake in an error state with cleared PCRs. The BIOS does not detect and resolve this TPM error state, potentially allowing a local attacker to bypass security measures.
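
A defensive check for the cleared-PCR condition described above, as an added example that is not part of the Lenovo advisory: it compares PCR snapshots taken before sleep and after resume and reports firmware PCRs (0-7) that came back all-zero or otherwise changed. The `<index>: <hex digest>` snapshot format, the function names and the sample digests are assumptions constructed for illustration, as is the premise that PCRs 0-7 stay unchanged across a correctly prepared S3 cycle.

```python
import hashlib

# Added example. The "<index>: <hex digest>" snapshot format is an assumption.
FIRMWARE_PCRS = range(0, 8)  # PCRs 0-7 carry firmware boot measurements


def parse_snapshot(text):
    """Parse '<index>: <hex>' lines into {pcr_index: digest_bytes}."""
    pcrs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        index, _, digest = line.partition(":")
        digest = digest.strip()
        if digest.lower().startswith("0x"):
            digest = digest[2:]
        pcrs[int(index)] = bytes.fromhex(digest)
    return pcrs


def check_resume(before, after):
    """Return (cleared, changed): firmware PCRs that went to zero or differ."""
    cleared, changed = [], []
    for i in FIRMWARE_PCRS:
        if i not in before or i not in after or after[i] == before[i]:
            continue
        # any() over bytes is False only when every byte is 0x00
        (changed if any(after[i]) else cleared).append(i)
    return cleared, changed


def constructed_snapshot(zeroed=(), altered=()):
    """Build a constructed SHA-256 bank snapshot for PCRs 0-7 (sample data)."""
    lines = []
    for i in FIRMWARE_PCRS:
        digest = hashlib.sha256(b"constructed-pcr-%d" % i).hexdigest()
        if i in zeroed:
            digest = "00" * 32
        elif i in altered:
            digest = hashlib.sha256(b"constructed-other-%d" % i).hexdigest()
        lines.append("%d: 0x%s" % (i, digest))
    return "\n".join(lines)


if __name__ == "__main__":
    before = parse_snapshot(constructed_snapshot())
    after = parse_snapshot(constructed_snapshot(zeroed=range(8)))
    cleared, changed = check_resume(before, after)
    print("cleared after resume:", cleared, "changed:", changed)
```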

Mitigation Strategy for Customers (what you should do to protect yourself):

Lenovo recommends customers update their BIOS to at least the minimum version indicated for their model in the Product Impact section of this advisory.

Product Impact:
