cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Polymathic
Serial Port
Posts: 15
Registered: ‎06-07-2014
Location: US
Views: 299
Message 1 of 1

Product impact gaps in Lenovo Security Advisories (LEN-26294, LEN-26696, LEN-25662, LEN-25085)

Hello,

I have identified the following gaps in product impact information in several recent Lenovo Security Advisories, for products I own. 

 

I am posting this in the hopes that some conscientious employee will see this list and start the process to update the relevant security advisories. 

 

  • LEN-26294 "Intel Firmware Vulnerabilities", has a product impact entry for machine type 20MF, but none for machine type 90DD.
  • LEN-26696 "Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities," has a product impact entry for machine type 20MF, but none for machine type 90DD. 
  • LEN-25662 "Intel Integrated Performance Primitives (IPP) Information Disclosure", has no product impact entry for machine type 20MF, even though there appears to be for most other ThinkPads. 
  • LEN-25085 "Intel Firmware Vulnerabilities," has a product impact entry for "ThinkPad X1 Extreme", but no machine types are indicated within it, and there is no product impact entry for machine type 90DD. 

I have an active Premier Support subscription, but the eTicket form is so terse it isn't even possible to enter this information in any intelligible manner.

 

I am well aware that this is primarily a peer support form, but this seems to be the only mechanism to post this kind of information in the hopes that someone will see it. Thus, I respectfully request that no one post the everpresent helpful reminder that this may never see an actual response from staff. I get it, but sometimes staff members do read these, so I'm taking the gamble in the hopes that someone will address these in the interest of our collective cybersecurity. 

 

Thanks in advance for your help! 

 

Check out current deals!


Shop current deals

Top Kudoed Authors