CVE-2024-26836

Summary

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: think-lmi: Fix password opcode ordering for workstations

The Lenovo workstations require the password opcode to be run before the attribute value is changed (if Admin password is enabled).

Tested on some Thinkpads to confirm they are OK with this order too.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux640a5fa50a42b99bfa2a0ec51b4ea9591d9bd055 < 2deb10a99671afda30f834e95e5b992a805bba6aaffected
LinuxLinux640a5fa50a42b99bfa2a0ec51b4ea9591d9bd055 < 2bfbe1e0aed00ba51d58573c79452fada3f62ed4affected
LinuxLinux640a5fa50a42b99bfa2a0ec51b4ea9591d9bd055 < 6f7d0f5fd8e440c3446560100ac4ff9a55eec340affected
LinuxLinux5.17affected
LinuxLinux0 < 5.17unaffected
LinuxLinux6.6.55 <= 6.6.*unaffected
LinuxLinux6.7.7 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References