Lenovo published a security advisory for Critical Arbitrary code execution vulnerability that affects Lenovo Thinkpad Series Laptop.
The two code execution vulnerabilities (CVE-2017-11120, CVE-2017-11121) resides with Broadcom WiFi controllers that used in ThinkPad products.
The critical buffer overflow flaws resides with the adapter used by Broadcom’s wireless LAN driver and it can be remotely exploited by an attacker. Both the vulnerabilities have Exploitability Subscore of 10.
By installing the backdoor attacker can gain R/W access to the firmware and no user interaction is needed.
CVE-2017-11120 – On Broadcom BCM4355C0 Wi-Fi chips 220.127.116.11.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.
Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip).Beniamini added.
CVE-2017-11121 also discovered by Beniamini – On Broadcom BCM4355C0 Wi-Fi chips 18.104.22.168.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to a denial of service or other effects, aka B-V2017061205.
Lenovo Thinkpad vulnerabilities – Products Impacted
Following are the products impacted and Lenovo strongly recommends to update Wi-Fi driver’s in the affected versions.
ThinkPad 10, ThinkPad L460, ThinkPad P50s, ThinkPad T460, ThinkPad T460p, ThinkPad T460s, ThinkPad T560, ThinkPad X260 and ThinkPad Yoga 260.