Lenovo warned its customers about two critical Broadcom WiFi vulnerabilities that affect 25 ThinkPad models. The firmware vulnerabilities impact Broadcom’s BCM4356 Wireless LAN Driver for Windows 10 and contain buffer overflow flaws.
What’s interesting is these are the same two firmware vulnerabilities (CVE-2017-11120 and CVE-2017-11121) that were patched by Apple and Google back in September.
More background on the Broadcom WiFi vulnerabilities as stated by Lenovo in their security advisory:
“Broadcom has issued an advisory for certain Broadcom WiFi controllers used by many computer and device makers, which contain buffer overflow vulnerabilities on the adapter (not the system CPU). Broadcom initially did not plan to remediate these issues, but when the WPA2 KRACK issue also emerged, Broadcom combined both fixes in to a single set of driver updates. Lenovo received the first of these near the end of 2017, and continues releasing fixes as integration and testing is completed.”
Both of the vulnerabilities are rated critical and the highest rated CVSS score of 10.0.
As Threatpost reported Friday, the first vulnerability CVE-2017-11120 was identified by Google Project Zero researcher Gal Beniamini in June and subsequently disclosed publicly last September.
“Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip),” Beniamini said.
ThinkPad users are strongly encouraged to update to the latest WiFi driver versions on affected ThinkPad models.