ThinkPad X13s: BIOS Update fixes vulnerabilities

Gandalf_The_Grey

Lenovo has pointed out a number of vulnerabilities in the BIOS of the ThinkPad X13s in a security announcement. These allow memory corruption and information disclosure. A BIOS update is available to close the vulnerabilities.

Lenovo lists the following vulnerabilities that allow memory corruption and information disclosure in this security advisory.
  • CVE-2022-40516
  • CVE-2022-40517
  • CVE-2022-40518
  • CVE-2022-40519
  • CVE-2022-40520
  • CVE-2022-4432
  • CVE-2022-4433
  • CVE-2022-4434
  • CVE-2022-4435
Lenovo states the following impact of these vulnerabilities:
  • CVE-2022-40516, CVE-2022-40517, CVE-2022-40520: Qualcomm reported several stack-based buffer overflow vulnerabilities in Qualcomm BIOS that could allow a local attacker with elevated privileges to cause memory corruption.
  • CVE-2022-40518, CVE-2022-40519: Qualcomm reported several buffer over-read vulnerabilities in Qualcomm BIOS that could allow a local attacker with elevated privileges to cause information disclosure.
  • CVE-2022-4432, CVE-2022-4433, CVE-2022-4434, CVE-2022-4435: Several buffer over-read vulnerabilities were reported in ThinkPad X13s BIOS that could allow a local attacker with elevated privileges to cause information disclosure.
To close the vulnerabilities, a ThinkPad X13s BIOS update to version 1.47 (N3HET75W) or newer should be performed.
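
A fleet check against the fixed version named above, as an added example that is not part of the original post or Lenovo's advisory. It assumes the inventory reports the BIOS string in the form `<build id> (<major>.<minor> )`; the host names, model strings and the `N3HETxxW` placeholder build IDs are constructed sample data.

```python
import re

# Fixed release taken from the post: 1.47 (N3HET75W) or newer.
FIXED = (1, 47)

# Assumption: version is reported as "<build id> (<major>.<minor> )".
# The minor part is compared as an integer, matching the two-digit
# form used on the page (1.47); adjust if your inventory differs.
_VERSION = re.compile(r"\((\d+)\.(\d+)\s*\)")


def parse_bios_version(raw):
    """Return (major, minor), or None when the string cannot be parsed."""
    match = _VERSION.search(raw or "")
    return (int(match.group(1)), int(match.group(2))) if match else None


def classify(raw):
    """Map one BIOS string to 'patched', 'needs-update' or 'unknown'."""
    version = parse_bios_version(raw)
    if version is None:
        # Never treat an unreadable value as patched; surface it for review.
        return "unknown"
    return "patched" if version >= FIXED else "needs-update"


def audit(rows):
    """rows: (host, model, bios_string). Only X13s systems are assessed."""
    return {host: classify(bios) for host, model, bios in rows if "X13s" in model}


# Constructed sample inventory (not real systems or real build IDs).
SAMPLE = [
    ("lt-001", "ThinkPad X13s Gen 1", "N3HETxxW (1.25 )"),
    ("lt-002", "ThinkPad X13s Gen 1", "N3HET75W (1.47 )"),
    ("lt-003", "ThinkPad X13s Gen 1", "N3HETxxW (1.52 )"),
    ("lt-004", "ThinkPad X13s Gen 1", ""),
    ("lt-005", "ThinkPad T14 Gen 3", "XXXXXXXX (1.09 )"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```
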