CVE-2018-9062 (e42-80_firmware, e42-80_isk_firmware, e52-80_firmware, e52-80_isk_firmware, miix_720-12ikb_firmware, thinkpad_e480_firmware, thinkpad_e580_firmware, thinkpad_l380_firmware, thinkpad_l480_firmware, thinkpad_l580_firmware, thinkpad_p51_firmware, thinkpad_p51s_firmware, thinkpad_p52_firmware, thinkpad_p52s_firmware, thinkpad_p71_firmware, thinkpad_p72_firmware, thinkpad_s1_firmware, thinkpad_t25_firmware, thinkpad_t470_firmware, thinkpad_t470p_firmware, thinkpad_t470s_firmware, thinkpad_t480_firmware, thinkpad_t480s_firmware, thinkpad_t570_firmware, thinkpad_t580_firmware, thinkpad_x1_carbon_firmware, thinkpad_x1_tablet_firmware, thinkpad_x1_yoga_firmware, thinkpad_x270_firmware, thinkpad_x280_firmware, thinkpad_x380_yoga_firmware, thinkpad_yoga_11e_firmware, thinkpad_yoga_370_firmware, v310-14ikb_firmware, v310-14isk_firmware, v310-15ikb_firmware, v310-15isk_firmware, v510-14ikb_firmware, v510-15ikb_firmware)

by Jeremyin Security Bulletinson Posted on

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.