Lenovo patches critical flaws that affect Broadcom’s chipsets in dozens of Lenovo ThinkPad

According to a security advisory issued by Lenovo, two critical vulnerabilities in Broadcom chipsets affects at least 25 models of Lenovo ThinkPad.

The affected models are ThinkPad 10,  ThinkPad L460, ThinkPad P50s, ThinkPad T460, ThinkPad T460p, ThinkPad T460s, ThinkPad T560, ThinkPad X260 and ThinkPad Yoga 260.

One of the flaws was discovered in June by Google that publicly disclosed it in September. Google also published a proof-of-concept exploit for a Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier.

The flaw tracked as CVE-2017-11120, is a memory corruption vulnerability that could be exploited by attackers to execute code and establish a backdoor on a targeted device. T

The flaw initially reported affecting specific Broadcom chipsets used in Apple iPhones, Apple TV, and Android devices was patched in the same month.

The vulnerability, tracked as CVE-2017-11120, is a memory corruption vulnerability, Apple addressed it in the security update for the release of iOS 11.

Now Lenovo warns of the presence of the flaw in two dozen ThinkPad models that use Broadcom’s BCM4356 Wireless LAN Driver for Windows 10.

The Broadcom Wi-Fi chipsets used by Lenovo ThinkPad devices are affected by the CVE-2017-11120 flaw and also by the CVE-2017-11121 vulnerability, both issue are rated as “critical” and received a CVSS 10 score.

“Broadcom has issued an advisory for certain Broadcom WiFi controllers used by many computer and device makers, which contain buffer overflow vulnerabilities on the adapter (not the system CPU).“reads the security advisory.” Broadcom initially did not plan to remediate these issues, but when the WPA2 KRACK issue also emerged, Broadcom combined both fixes in to a single set of driver updates. Lenovo received the first of these near the end of 2017, and continues releasing fixes as integration and testing is completed.” 

The flaws can be exploited by remote attackers to execute arbitrary code on the adapter (not the system’s CPU) of the target system.

The CVE-2017-11121 vulnerability was also discovered by Google experts, it is a buffer overflow vulnerability caused by improper validation of Wi-Fi signals.

“Properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects,” reads the description for the flaw.

Lenovo users urge to update the Wi-Fi driver for their ThinkPad models.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Lenovo Thinkpad, Broadcom Wi-Fi chipsets)

[adrotate banner=”5″]

[adrotate banner=”13″]