LVFS: ThinkCentre M90q-2, ThinkCentre M70q-2, ThinkCentre M740q, ThinkStation P350tiny

Lenovo (ThinkCentre) ThinkCentre M90q-2, ThinkCentre M70q-2, ThinkCentre M740q, ThinkStation P350tiny

System Firmware M3JKT3FA for ThinkCentre M90q-2, ThinkCentre M70q-2, ThinkCentre M740q, ThinkStation P350tiny

Version 1.63
2024-08-19 06:58:45

This stable release fixes the following issues:

Add Security Windows ufei 23CA.

Urgency	low
Reported Success	100% (low confidence)
Fixed issues:	CVE-2023-28383 Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-42772 CVE-2023-25546 CVE-2023-43626 CVE-2024-21871 CVE-2023-22351 CVE-2024-23599
Licenses	Proprietary, distributed by agreement
Security	Contains Absolute Computrace Agent More info No issues found using FwHunt from Binarly More info Contains Intel Boot Guard More info Update is cryptographically signed More info Added to the LVFS by Lenovo More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Tested By	Lenovo on Ubuntu 24.04，fwupd v1.9.16 a month ago The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.62
2024-05-20 02:06:26

This stable release fixes the following issues:

TFTP Windows Size issue.
Fix BIOS Setup is missing "Wake from Serial Port Ring" section issue.

Urgency	low
Reported Success	100% (low confidence)
Fixed issues:	VU#132380 Vulnerabilities in EDK2 NetworkPkg IP stack implementation. CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in IP Stack CVE-2023-45236 Predictable TCP initial sequence numbers (ISNs) generated by the TCP/IP stack. CVE-2023-45235 Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message CVE-2023-45234 Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message CVE-2023-45233 Infinite loop when parsing a PadN option in the Destination Options header CVE-2023-45232 Infinite loop when parsing unknown options in the Destination Options header CVE-2023-45231 Out-of-bounds read when handling a ND Redirect message with truncated options CVE-2023-45230 Buffer overflow in the DHCPv6 client via a long Server ID option. CVE-2023-45229 Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message LEN-146615 LEN-149663 LEN-154754 LEN-152500
Licenses	Proprietary, distributed by agreement
Security	Contains Absolute Computrace Agent More info No issues found using FwHunt from Binarly More info Contains Intel Boot Guard More info Update is cryptographically signed More info Added to the LVFS by Lenovo More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.60
2023-12-05 10:18:52

This stable release fixes the following issues:

Update Update CPU microcode.
Autopilot marker fix.
Fix Setup Layout issues.
Add Microsoft Corp KEK 2K Ca 2023.

Urgency	low
Reported Success	93% (low confidence)
Fixed issues:	LEN-132277 LEN-124704 LEN-119525 CVE-2023-39539 CVE-2022-29871 CVE-2022-38102 CVE-2022-36392 CVE-2022-43505 CVE-2022-38083 CVE-2022-27879 CVE-2022-44611 CVE-2022-37343 CVE-2022-40982 CVE-2022-36765 CVE-2022-36764 CVE-2022-36763 CVE-2023-0464 CVE-2023-0465
Licenses	Proprietary, distributed by agreement
Security	Contains Absolute Computrace Agent More info No issues found using FwHunt from Binarly More info Contains Intel Boot Guard More info Update is cryptographically signed More info Added to the LVFS by Lenovo More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.56
2023-01-16 08:09:22

This stable release fixes the following issues:

Enhancement to address security vulnerability.
Lock DPTF access in BIOS setup.

Urgency	low
Reported Success	97% (high confidence)
Licenses	Proprietary, distributed by agreement
Security	Contains Absolute Computrace Agent More info Contains Intel Boot Guard More info Update is cryptographically signed More info Added to the LVFS by Lenovo More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Issues found using FwHunt from Binarly More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.54
2022-09-27 05:54:52

This stable release fixes the following issues:

Enhance remote BIOS update support.
Enhancement to address security vulnerability.

Urgency	low
Reported Success	80% (low confidence)
Licenses	Proprietary, distributed by agreement
Security	Contains Intel Boot Guard More info Update is cryptographically signed More info Added to the LVFS by Lenovo More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Issues found using FwHunt from Binarly More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details Compare with previous

Version 1.51 — not be suitable for production systems
2022-09-16 05:02:17

This stable release fixes the following issues:

Fix Setup layout issues
Enhancement to address security vulnerability

Urgency	low
Reported Success	50% (low confidence)
Licenses	Proprietary, distributed by agreement
Security	Contains Intel Boot Guard More info Update is cryptographically signed More info Added to the LVFS by Lenovo More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Issues found using FwHunt from Binarly More info Firmware has no attestation checksums More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Download Archive Firmware Details

Lenovo (ThinkCentre) ThinkCentre M90q-2, ThinkCentre M70q-2, ThinkCentre M740q, ThinkStation P350tiny

Version 1.63 2024-08-19 06:58:45

The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.

Version 1.62 2024-05-20 02:06:26

Version 1.60 2023-12-05 10:18:52

Version 1.56 2023-01-16 08:09:22

Version 1.54 2022-09-27 05:54:52

Version 1.51 — not be suitable for production systems 2022-09-16 05:02:17

Version 1.63
2024-08-19 06:58:45

Version 1.62
2024-05-20 02:06:26

Version 1.60
2023-12-05 10:18:52

Version 1.56
2023-01-16 08:09:22

Version 1.54
2022-09-27 05:54:52

Version 1.51 — not be suitable for production systems
2022-09-16 05:02:17