{"id":28305,"date":"2023-01-07T00:11:06","date_gmt":"2023-01-06T23:11:06","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=28305"},"modified":"2024-10-05T19:09:33","modified_gmt":"2024-10-05T17:09:33","slug":"thinkpad-x13s-bios-update-fixes-vulnerabilities","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/01\/07\/thinkpad-x13s-bios-update-fixes-vulnerabilities\/","title":{"rendered":"ThinkPad X13s: BIOS Update fixes vulnerabilities"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2023\/01\/07\/thinkpad-x13s-bios-update-schliet-schwachstellen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Lenovo has pointed out a number of vulnerabilities in the BIOS of the ThinkPad X13s in a security announcement. These allow memory corruption and information disclosure. A BIOS update is available to close the vulnerabilities.<\/p>\n<p><!--more--><\/p>\n<p>Lenovo lists the following vulnerabilities that allow memory corruption and information disclosure in this security advisory.<\/p>\n<ul>\n<li>CVE-2022-40516<\/li>\n<li>CVE-2022-40517<\/li>\n<li>CVE-2022-40518<\/li>\n<li>CVE-2022-40519<\/li>\n<li>CVE-2022-40520<\/li>\n<li>CVE-2022-4432<\/li>\n<li>CVE-2022-4433<\/li>\n<li>CVE-2022-4434<\/li>\n<li>CVE-2022-4435<\/li>\n<\/ul>\n<p>Lenovo states the following impact of these vulnerabilities:<\/p>\n<ul>\n<li>CVE-2022-40516, CVE-2022-40517, CVE-2022-40520: Qualcomm reported several stack-based buffer overflow vulnerabilities in Qualcomm BIOS that could allow a local attacker with elevated privileges to cause memory corruption.<\/li>\n<li>CVE-2022-40518, CVE-2022-40519: Qualcomm reported several buffer over-read vulnerabilities in Qualcomm BIOS that could allow a local attacker with elevated privileges to cause information disclosure.<\/li>\n<li>CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, CVE-2022-4435: Several buffer over-read vulnerabilities were reported in ThinkPad X13s BIOS that could allow a local attacker with elevated privileges to cause information disclosure.<\/li>\n<\/ul>\n<p>To close the vulnerabilities, a ThinkPad X13s BIOS update to <a href=\"https:\/\/pcsupport.lenovo.com\/us\/en\/products\/laptops-and-netbooks\/thinkpad-x-series-laptops\/thinkpad-x13s-type-21bx-21by\/downloads\/ds556845-bios-update-utility-bootable-cd-for-windows-11-thinkpad-x13s-gen-1-type-21bx-21by?category=BIOS%2FUEFI\" target=\"_blank\" rel=\"noopener\">version 1.47 (N3HET75W)<\/a> or newer should be performed. \u00a0(<a href=\"https:\/\/www.heise.de\/news\/BIOS-Sicherheitsupdates-Mehrere-Attacken-auf-Leonovo-ThinkPad-X13s-moeglich-7450558.html\" target=\"_blank\" rel=\"noopener\">via<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Lenovo has pointed out a number of vulnerabilities in the BIOS of the ThinkPad X13s in a security announcement. These allow memory corruption and information disclosure. A BIOS update is available to close the vulnerabilities.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[71,580],"tags":[103,69],"class_list":["post-28305","post","type-post","status-publish","format-standard","hentry","category-computer","category-security","tag-computer","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/28305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=28305"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/28305\/revisions"}],"predecessor-version":[{"id":35749,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/28305\/revisions\/35749"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=28305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=28305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=28305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}