In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
References
Link | Resource |
---|---|
https://support.lenovo.com/us/en/solutions/LEN-24374 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2018-11-27 06:29
Updated : 2018-12-19 14:18
NVD link : CVE-2018-16091
Mitre link : CVE-2018-16091
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
lenovo
- thinksystem_d2_enclosure_7x20
- thinksystem_modular_enclosure_7x22
- thinkagile_hx_enclosure_7y87
- thinkagile_hx_enclosure_7x81
- system_management_module_firmware
- thinkagile_vx_enclosure_7y91
- thinkagile_vx_enclosure_7y11
- thinkagile_hx_enclosure_7z02