Lenovo (ThinkPad) ThinkPad X1 Carbon 4th / X1 Yoga 1st

Lenovo ThinkPad X1 Carbon 4th / X1 Yoga 1st System Firmware N1FET82W, version 1.56

Atom Feed

Version 0.1.56
2023-01-05 09:12:25

Lenovo ThinkPad X1 Carbon 4th X1 Yoga 1st System Firmware Version 1.55 Important updates: - Update includes a security fix.New functions or enhancements: - Version 04.27.000 code of FIT's InROM diagnostics.Problem fixes:- Fixed "Clear All Secure Boot Keys" not working when Secure Boot is Enable

Urgency high
Reported Success 98% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.55
2022-10-31 12:25:39

Lenovo ThinkPad X1 Carbon 4th X1 Yoga 1st System Firmware Version 1.55

Important updates: - Update includes a security fix.

New functions or enhancements: - Updated the Diagnostics module to version 04.26.000.

Problem fixes:- Nothing

Urgency high
Reported Success 100% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.54 — not be suitable for production systems
2022-08-18 10:03:27

System Firmware Version 1.54

[Important updates] - Update includes a security fix.

[New functions or enhancements] - Updated the Diagnostics module to version 04.25.000.

[Problem fixes] - Nothing

Urgency high
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.53
2022-06-24 03:19:31

Lenovo ThinkPad X1 Carbon 4th, X1 Yoga 1st System Firmware

Version 1.53

Important updates

  • Enhancement to address security vulnerability

New functions or enhancements

  • Updated the Diagnostics module to version 04.24.000.
  • Updated the CPU microcode.

Problem fixes

  • Fixed an issue where device firmware update failed when OPAL management software is installed.

Urgency high
Reported Success 98% (high confidence)
Fixed issues:
  • CVE-2022-0005

    Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.

  • CVE-2022-21151

    Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.48
2021-03-04 02:06:27

Lenovo ThinkPad X1 Carbon 4th / X1 Yoga 1st System Firmware

Urgency None
Reported Success 98% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.45 — not be suitable for production systems
2020-04-07 01:06:19

ThinkPad X1 Carbon 4th / X1 Yoga 1st 0.1.45

This stable release fixes the following issues:

[Important] Update includes a security fix.

Some new functionality has also been added:

(New) Updated the Diagnostics module to version 04.11.000.

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2019-14607

    Improper conditions check in multiple IntelĀ® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

  • CVE-2019-0154

    Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2019-0185

    Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0184

    Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0117

    Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0124

    Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-0123

    Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-0152

    Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-0151

    Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.42
2019-05-23 09:45:19

Lenovo ThinkPad X1 Carbon 4th / X1 Yoga 1st System Firmware Version 1.42

This update also adds the following features:

  • Update includes a security fix.
  • Updated the Diagnostics module to 04.06.000.

Urgency high
Reported Success 98% (high confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.41
2019-05-23 08:46:38

Lenovo ThinkPad X1 Carbon 4th / X1 Yoga 1st System Firmware Version 1.41

This update also adds the following features:

  • Updated the Diagnostics module to full version 04.05.000.
  • Fixed an issue where SAMSUNG PM871 SSD might not be detected correctly after system restart.

Urgency high
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.40
2018-12-10 02:21:01

Lenovo ThinkPad X1 Carbon 4th / X1 Yoga 1st System Firmware Version 1.40

This update also adds the following features:

  • Security fix addresses LEN-20494 TPM 2.0 Sleep-Wake Error in BIOS Firmware.Refer to Lenovo's Security Advisory page for additional information.
  • Updated the Diagnostics module to version 04.05.000.

Urgency high
Reported Success 100% (medium confidence)
Fixed issues:
  • CVE-2018-6622

    An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.39
2018-11-22 03:10:43

Lenovo ThinkPad X1 Carbon 4th / X1 Yoga 1st System Firmware Version 1.39

This update also adds the following features:

  • Update includes a security fix.
  • Added Hyper Threading enable/disable option to ThinkPad Setup for virtualized system users in order to address LEN-24163 L1 Terminal Fault Side Channel Vulnerabilities.
  • Security fix addresses LEN-23848 Insecure Handling of BIOS and AMT Passwords in Intel Platform Sample Firmware.

Refer to Lenovo's Security Advisory page for additional information.

Urgency high
Reported Success 92% (medium confidence)
Fixed issues:
  • CVE-2017-5704

    Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.

  • VU#982149

    Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

  • CVE-2018-3646

    Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.38
2018-08-22 06:19:36

This update also adds the following features:

  • Updated the Diagnostics module to version 04.00.001.

This update fixes the following problems:

  • Fixed an issue where BIOS silent update might fail with system account.
  • Fixed an issue where BIOS POST might display the error message "Boot Manager recover from an error."

Urgency unknown
Reported Success 92% (medium confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details

LVFS © 2015 Richard Hughes with icons from Font Awesome and GeoIP data from IP2Location.

Linux Vendor Firmware Service Project a Series of LF Projects, LLC :: Charter