CVE-2024-26836

medium

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed (if Admin password is enabled). Tested on some Thinkpads to confirm they are OK with this order too.

References

https://git.kernel.org/stable/c/6f7d0f5fd8e440c3446560100ac4ff9a55eec340

https://git.kernel.org/stable/c/2deb10a99671afda30f834e95e5b992a805bba6a

https://git.kernel.org/stable/c/2bfbe1e0aed00ba51d58573c79452fada3f62ed4

Details

Source: Mitre, NVD

Published: 2024-04-17

Updated: 2024-10-10

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium