A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
2018-11-16T14:29:00.427
2024-11-21T04:14:56.817
Modified
CVSSv3.0: 4.9 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:P/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | lenovo | flex_system_x240_m4_firmware | < a3e122b | Yes |
| Hardware | lenovo | flex_system_x240_m4 | - | No |
| Operating System | lenovo | flex_system_x440_m4_firmware | < cge122b | Yes |
| Hardware | lenovo | flex_system_x440_m4 | - | No |
| Operating System | lenovo | system_x3750_m4_firmware | < a5e124b | Yes |
| Hardware | lenovo | system_x3750_m4 | - | No |
| Operating System | ibm | bladecenter_hs23_firmware | < tke160c | Yes |
| Hardware | ibm | bladecenter | hs23 | No |
| Operating System | ibm | bladecenter_hs23e_firmware | < ahe160c | Yes |
| Hardware | ibm | bladecenter | hs23e | No |
| Operating System | ibm | flex_system_x220_m4_firmware | < kse158c | Yes |
| Hardware | ibm | flex_system_x220 | - | No |
| Operating System | ibm | flex_system_x222_m4_firmware | < cce160c | Yes |
| Hardware | ibm | flex_system_x222_m4 | - | No |
| Operating System | ibm | flex_system_x240_m4_firmware | < ahe160c | Yes |
| Hardware | ibm | flex_system_x240_m4 | - | No |
| Operating System | ibm | flex_system_x280_x6_firmware | < n3e132w | Yes |
| Hardware | ibm | flex_system_x280_x6 | - | No |
| Operating System | ibm | flex_system_x440_m4_firmware | < cne162d | Yes |
| Hardware | ibm | flex_system_x440_m4 | - | No |
| Operating System | ibm | flex_system_x480_x6_firmware | < n3e132w | Yes |
| Hardware | ibm | flex_system_x480_x6 | - | No |
| Operating System | ibm | flex_system_x880_x6_firmware | < n2e130e | Yes |
| Hardware | ibm | flex_system_x880_x6 | - | No |
| Operating System | ibm | idataplex_dx360_m4_firmware | < fhe120d | Yes |
| Hardware | ibm | idataplex_dx360_m4_ | - | No |
| Operating System | ibm | idataplex_dx360_m4_water_cooled_firmware | < fhe120d | Yes |
| Hardware | ibm | idataplex_dx360_m4_ | - | No |
| Operating System | ibm | system_x3100_m4_firmware | < jqe184c | Yes |
| Hardware | ibm | system_x3100_m4 | * | No |
| Operating System | ibm | system_x3100_m5_firmware | < j9e134c | Yes |
| Hardware | ibm | system_x3100_m5 | * | No |
| Operating System | ibm | system_x3250_m4_firmware | < jqe184c | Yes |
| Hardware | ibm | system_x3250_m4 | * | No |
| Operating System | ibm | system_x3250_m5_firmware | < jue134c | Yes |
| Hardware | ibm | system_x3250_m5 | * | No |
| Operating System | ibm | system_x3300_m4_firmware | < yae156c | Yes |
| Hardware | ibm | system_x3300_m4 | * | No |
| Operating System | ibm | system_x3500_m4_firmware | < y5e158c | Yes |
| Hardware | ibm | system_x3500_m4 | * | No |
| Operating System | ibm | system_x3530_m4_firmware | < bee164c | Yes |
| Hardware | ibm | system_x3530_m4 | * | No |
| Operating System | ibm | system_x3550_m4_firmware | < d7e166d | Yes |
| Hardware | ibm | system_x3550_m4 | * | No |
| Operating System | ibm | system_x3630_m4_firmware | < vve162c | Yes |
| Hardware | ibm | system_x3630_m4 | * | No |
| Operating System | ibm | system_x3650_m4_firmware | < vve160c | Yes |
| Hardware | ibm | system_x3650_m4 | * | No |
| Operating System | ibm | system_x3650_m4_bd_firmware | < vve160c | Yes |
| Hardware | ibm | system_x3650_m4_bd | * | No |
| Operating System | ibm | system_x3650_m4_hd_firmware | < vve160c | Yes |
| Hardware | ibm | system_x3650_m4_hd | * | No |
| Operating System | ibm | system_x3750_m4_firmware | < koe160c | Yes |
| Hardware | ibm | system_x3750_m4 | * | No |
| Operating System | ibm | system_x3850_x6_firmware | < a8e128c | Yes |
| Hardware | ibm | system_x3850_x6 | * | No |
| Operating System | ibm | system_x3950_x6_firmware | < bee164c | Yes |
| Hardware | ibm | system_x3950_x6 | * | No |