Lenovo patches vulnerabilities

Lenovo issued two security advisories addressing vulnerabilities that affect its popular System x server lines and ThinkPad models.

The first bug, rated high, is a System x Secure Boot vulnerability (CVE-2017-3775) and authentication flaw that could allow arbitrary code execution. Nearly a dozen enterprise-class Lenovo systems are affected, including System x and Flex System models and one high-density NeXtScale nx360 M5 server, according to the Lenovo advisory (LEN-20241).

Lenovo advises applying the appropriate BIOS/UEFI updates on affected models as soon as possible.

The second bug, rated medium, is a buffer overflow vulnerability in Lenovo’s System Update Drive Mapping Utility.

“MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) contains a local vulnerability where an attacker entering very large user ID or password can overrun the program’s buffer, causing undefined behaviors, such as execution of arbitrary code,” according to the advisory (LEN-19625).

Lenovo advises users to upgrade Lenovo System Update to version 5.07.0072 or later to address the buffer overflow flaw. 
