CVE-2017-3775

Summary

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.

Affected Software

VendorProductVersion RangeStatus
Lenovo Group Ltd.Some Lenovo Flex System and Lenovo System x productsAffected BIOS version varies by productaffected

Weaknesses

  • Booting unauthenticated code

ADP Enrichment

CVE Program Container

Additional References

References