CVE-2018-9069

Summary

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Affected Software

VendorProductVersion RangeStatus
Lenovo Group LTDIdeaPadvarious < variousaffected

Weaknesses

  • Privilege escalation

ADP Enrichment

CVE Program Container

Additional References

References