CVE-2024-26836

Sažetak

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed (if Admin password is enabled). Tested on some Thinkpads to confirm they are OK with this order too.

Reference

https://git.kernel.org/stable/c/2bfbe1e0aed00ba51d58573c79452fada3f62ed4
https://git.kernel.org/stable/c/2deb10a99671afda30f834e95e5b992a805bba6a
https://git.kernel.org/stable/c/6f7d0f5fd8e440c3446560100ac4ff9a55eec340
https://git.kernel.org/stable/c/2bfbe1e0aed00ba51d58573c79452fada3f62ed4
https://git.kernel.org/stable/c/6f7d0f5fd8e440c3446560100ac4ff9a55eec340

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

25-11-2025 - 17:29

Objavljeno

17-04-2024 - 10:15