Lenovo issued two security advisories addressing vulnerabilities that affect its popular System x server lines and ThinkPad models.
The first, a high-rated bug, is a System x Secure Boot vulnerability (CVE-2017-3775) and authentication flaw that could allow for arbitrary code execution. Nearly a dozen enterprise-class Lenovo systems are impacted, including its System x and Flex System servers and one high-density NeXtScale nx360 M5 server model, according to the Lenovo advisory (LEN-20241).
Lenovo advises applying the BIOS/UEFI updates as appropriate on affected models as soon as possible.
The second, a medium-rated bug, is a buffer overflow vulnerability in Lenovo’s System Update Drive Mapping Utility.
“MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) contains a local vulnerability where an attacker entering very large user ID or password can overrun the program’s buffer, causing undefined behaviors, such as execution of arbitrary code,” according to the advisory (LEN-19625).
Lenovo advises users to upgrade Lenovo System Update to version 5.07.0072 or later to address the buffer overflow flaw.