Lenovo (ThinkPad) ThinkPad L560

Lenovo ThinkPad L560 System Firmware N1HET96W, version 1.62

Atom Feed

Version 0.1.62
2023-01-05 03:03:43

Lenovo ThinkPad L560 System Firmware

Changes in this release: Version 1.62

Important updates

  • Enhancement to address security vulnerabilities.

New functions or enhancements

  • Updated the Diagnostics module to version 04.27.000.

Problem fixes

  • Fixed "Clear All Secure Boot Keys" not working when Secure Boot is Enable.
  • Fixed an issue SecureBootEnable is not protected.

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • VU#584653

    CPU hardware vulnerable to side-channel attacks

  • CVE-2017-5715

    Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

  • VU#309662

    Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass

  • CVE-2022-34303

    CryptoPro Secure Disk: Microsoft Secure Boot Bypass Vulnerability - CryptoPro Secure Disk bootloader can replace the current bootloader to allow it to execute code before the OS loads and maintain persistence pre-OS. This is done by replacing the existing bootloader with a vulnerable one, since it is signed by Microsoft it is considered a valid bootloader until it's hash is revoked in DBX

  • CVE-2022-34302

    New Horizon Datasys Inc: Microsoft Secure Boot Bypass Vulnerability - New Horizon Datasys Inc bootloader can replace the current bootloader to allow it to execute code before the OS loads and maintain persistence pre-OS. This is done by replacing the existing bootloader with a vulnerable one, since it is signed by Microsoft it is considered a valid bootloader until it's hash is revoked in DBX

  • CVE-2022-34301

    Eurosoft (UK) Ltd: Microsoft Secure Boot Bypass Vulnerability- Eurosoft (UK) Ltd bootloader can replace the current bootloader to allow it to execute code before the OS loads and maintain persistence pre-OS. This is done by replacing the existing bootloader with a vulnerable one, since it is signed by Microsoft it is considered a valid bootloader until it's hash is revoked in DBX

  • CVE-2022-33894
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.61
2022-11-04 06:21:20

Lenovo ThinkPad L560 System Firmware

Changes in this release: Version 1.61

Important updates

  • Update includes a security fix.

New functions or enhancements

  • Updated the Diagnostics module to version 04.26.000.

Urgency high
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.60
2022-08-09 02:20:21

Lenovo ThinkPad L560 System Firmware

  • WARNING:

Changes in this release: Version 1.60

Important updates

  • Update includes a security fix.

New functions or enhancements

  • Updated the Diagnostics module to version 04.25.000.

Urgency high
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.59
2022-07-06 02:22:10

Lenovo ThinkPad L560 System Firmware

  • WARNING:

Changes in this release: Version 1.59

Important updates

  • Enhancement to address security vulnerabilities.

New functions or enhancements

  • Updated the Diagnostics module to version 04.24.000.
  • Updated the CPU microcode.
  • Updated MEBx.

Problem fixes

  • Fixed an issue where device firmware update failed when OPAL management software was installed.

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2022-0005

    Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.

  • CVE-2022-21151

    Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.58
2022-01-18 04:06:09

Lenovo ThinkPad L560 System Firmware

Changes in this release: Version 1.58

  • Important updates
  • Update includes a security fix.
  • New functions or enhancements
  • Updated the TXT BIOS ACM.
  • Updated the CPU microcode.
  • Updated the Diagnostics module to version 04.21.000.

Urgency None
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.57
2021-12-08 03:00:56

Lenovo ThinkPad L560 System Firmware

Changes in this release: Version 1.57

Important updates

  • Update includes a security fix.

New functions or enhancements

  • Updated the Diagnostics module to version 04.18.000.

Urgency None
Reported Success 50% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.56
2021-10-06 01:50:25

Lenovo ThinkPad L560 System Firmware

Changes in this release: Version 1.56

Important updates

  • Address security problems.

Urgency high
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.55
2021-06-23 02:29:31

Lenovo ThinkPad L560 System Firmware

Changes in this release: Version 1.55

New functions or enhancements

  • Updated the CPU microcode.
  • Updated the Diagnostics module to version 04.17.000.

Important updates

  • Address security problem.

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2020-24512

    Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-24511

    Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.54
2020-11-25 01:30:20

Version 1.53

This update also adds the following features:

  • Update includes a security fix.
  • Updated the CPU microcode.
  • Updated the Diagnostics module to version 04.15.000.

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2020-8698

    Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-0593

    Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-0592

    Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.

  • CVE-2020-0591

    Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-0590

    Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2020-0588

    Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-0587

    Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8696

    Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.53
2020-07-16 03:39:21

Version 1.53

This update also adds the following features:

  • Update includes a security fix.
  • Updated the Diagnostics module to version 04.12.001.

Urgency high
Fixed issues:
  • CVE-2020-0543

    Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-0549

    Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-0548

    Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.52
2020-01-31 06:07:18

Version 1.52

  • Refer to Lenovo's Security Advisory page for additional information about "Multi-vendor BIOS Security Vulnerabilities"

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2019-14607

    Improper conditions check in multiple IntelĀ® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

  • CVE-2019-0154

    Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2019-0185

    Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0184

    Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0117

    Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0123

    Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-0152

    Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-0151

    Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • LEN-27714
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.51
2020-01-10 06:36:13

Version 1.51

This update also adds the following features:

Security fix addresses ThinkPad Embedded Controller Update Vulnerability.Refer to Lenovo's Security Advisory page for additional information.

Urgency high
Fixed issues:
  • CVE-2019-6171

    A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

  • LEN-27764
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.49
2019-07-26 08:18:28

Version 1.49

This update also adds the following features:

  • Refer to Lenovo's Security Advisory page for additional information about "TPM 2.0 Sleep-Wake Error in BIOS Firmware"
  • Update includes a security fix.
  • Fixed an issue where system might hang up at POST when some KVM device was connected.

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2018-6622

    An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.

  • LEN-20494
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.48
2019-06-17 05:46:55

Lenovo ThinkPad L560 System Firmware

Version 1.48

This update also adds the following features:

  • Enhancement to address security vulnerability
  • Updated the CPU microcode.
  • Updated the Diagnostics module to version 04.08.000.

Urgency high
Fixed issues:
  • CVE-2018-12130

    Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

  • CVE-2018-12127

    Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

  • CVE-2018-12126

    Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.47
2019-03-28 02:47:10

Lenovo ThinkPad L560 System Firmware

Version 1.47

This update also adds the following features:

  • Update includes a security fix.
  • Updated the Diagnostics module to 04.06.000.

Urgency high
Reported Success 100% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.46
2019-01-08 01:47:09

Version 1.46

This update also adds the following features:

  • Security fix addresses TPM 2.0 Sleep-Wake Error in BIOS Firmware.Refer to Lenovo's Security Advisory page for additional information.
  • Updated the Diagnostics module to full version 04.05.000.

Urgency high
Fixed issues:
  • CVE-2018-6622

    An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.

  • LEN-20494
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.44
2018-10-11 08:41:05

This update fixes the following important problems:

  • Update includes a security fix.
  • Security fix addresses Insecure Handling of BIOS and AMT Passwords in Intel Platform Sample Firmware
  • Added Hyper Threading enable/disable option to ThinkPad Setup for virtualized system users in order to address L1 Terminal Fault Side Channel Vulnerabilities.
  • Fixed an issue where the system may not unlock by TPM pin code.

Refer to Lenovo's Security Advisory page for additional information.

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2018-3646

    Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

  • CVE-2017-5704

    Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.

  • VU#982149

    Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)

  • LEN-24163
  • LEN-23848
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.43
2018-10-02 07:40:09

This update adds the following features:

  • Updated the Diagnostics module to version 04.00.001.

Urgency high
Licenses
Security
Release Gating
Download Archive Firmware Details

LVFS © 2015 Richard Hughes with icons from Font Awesome and GeoIP data from IP2Location.

Linux Vendor Firmware Service Project a Series of LF Projects, LLC :: Charter