According to a February 10 report by SecurityAffairs, a security advisory issued by Lenovo states that two critical vulnerabilities in Broadcom chipsets affect at least 25 ThinkPad models. A remote attacker could exploit these vulnerabilities to execute arbitrary code on the target system's adapter. Lenovo says it has fixed these vulnerabilities in its products and urges users to update.
CVE-2017-11120: Memory Corruption Vulnerability
An attacker could exploit this vulnerability to execute code on the target device and set up backdoors. Lenovo warned that this defect is present in 24 ThinkPad models, which have one thing in common: they all use the Broadcom BCM4356 wireless LAN driver.
CVE-2017-11121: Buffer Overflow Vulnerability
The vulnerability is caused by improper validation of Wi-Fi signals. According to the researchers, carefully crafted malicious wireless Fast Transition frames could trigger a stack overflow in the internal Wi-Fi firmware, leading to a denial-of-service condition. Lenovo has fixed this vulnerability and urged users to update their ThinkPad Wi-Fi drivers.
Experts consider both vulnerabilities in Lenovo ThinkPad devices critical, and they were therefore rated CVSS 10.
Affected models
ThinkPad 10, ThinkPad L460, ThinkPad P50s, ThinkPad T460, ThinkPad T460p, ThinkPad T460s, ThinkPad T560, ThinkPad X260 and ThinkPad Yoga 260.
Source: SecurityAffairs