Lenovo (ThinkPad) ThinkPad X280

Lenovo Thinkpad X280 System Firmware N20ET69W, version 1.54.

Atom Feed

Version 0.1.54 — not be suitable for production systems
2024-08-01 11:02:55

Lenovo System Firmware Version 1.54

New functions or enhancements

  • Updated the Diagnostics module to version 04.34.001.
  • Added Infineon TPM ESRT Entry.

Urgency high
Reported Success 72% (low confidence)
Licenses
Security
Tested By
  • Lenovo on Ubuntu 22.04,fwupd v1.7.5 2 months ago
  • Lenovo on SLED 15.4,fwupd v1.7.3 2 months ago
  • Lenovo on RHEL 9.1,fwupd v1.7.9 2 months ago
  • Lenovo on Debian 11,fwupd v1.5.7 2 months ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.53
2024-03-27 05:59:05

Lenovo System Firmware Version 1.53

Important updates

  • Enhancement to address security vulnerabilities

New functions or enhancements

  • Updated the Diagnostics module to version 04.33.000.

Urgency high
Reported Success 93% (high confidence)
Fixed issues:
  • VU#132380

    Vulnerabilities in EDK2 NetworkPkg IP stack implementation.

  • CVE-2023-24932

    Secure Boot Security Feature Bypass Vulnerability

  • CVE-2022-21894

    Secure Boot Security Feature Bypass Vulnerability

  • CVE-2023-45237

    Use of a Weak PseudoRandom Number Generator in IP Stack

  • CVE-2023-45236

    Predictable TCP initial sequence numbers (ISNs) generated by the TCP/IP stack.

  • CVE-2023-45235

    Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

  • CVE-2023-45234

    Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

  • CVE-2023-45233

    Infinite loop when parsing a PadN option in the Destination Options header

  • CVE-2023-27504
  • CVE-2023-45232

    Infinite loop when parsing unknown options in the Destination Options header

  • CVE-2023-45231

    Out-of-bounds read when handling a ND Redirect message with truncated options

  • CVE-2023-45230

    Buffer overflow in the DHCPv6 client via a long Server ID option.

  • CVE-2023-45229

    Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message
Licenses
Security
Tested By
  • Lenovo on Ubuntu 22.04,fwupd v1.7.5 7 months ago
  • Lenovo on SLED 15.4,fwupd v1.7.3 7 months ago
  • Lenovo on RHEL 9.1,fwupd v1.7.9 7 months ago
  • Lenovo on Debian 11,fwupd v1.5.7 7 months ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.52
2023-12-06 09:02:32

Lenovo System Firmware Version 1.52

Important updates

  • Enhancement to address security vulnerability

New functions or enhancements

  • Updated the Diagnostics module to version 04.32.000.

Problem fixes

  • Updated some BIOS Setup help messages.

Urgency high
Reported Success 98% (high confidence)
Fixed issues:
Licenses
Security
Tested By
  • Lenovo on SLED 15.4,fwupd v1.7.3 9 months ago
  • Lenovo on RHEL 9.1,fwupd v1.7.9 9 months ago
  • Lenovo on Debian 11,fwupd v1.5.7 10 months ago
  • Lenovo on Ubuntu 22.04,fwupd v1.7.5 10 months ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.51
2023-09-06 02:11:03

Lenovo System Firmware Version 1.51

Important updates

  • Enhancement to address security vulnerabilities

New functions or enhancements

  • Updated the Diagnostics module to version 04.31.000.

Urgency high
Reported Success 100% (high confidence)
Fixed issues:
  • CVE-2021-38575

    NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

  • CVE-2021-42299

    Microsoft Surface Pro 3 Security Feature Bypass Vulnerability

  • CVE-2021-38578

    Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

Licenses
Security
Tested By
  • Lenovo on RHEL 9.1,fwupd v1.7.9 1 year, 1 month ago
  • Lenovo on Debian 11,fwupd v1.5.7 1 year, 1 month ago
  • Lenovo on Ubuntu 22.04,fwupd v1.7.9 1 year, 1 month ago
  • Lenovo on SLED 15.4,fwupd v1.7.3 1 year, 1 month ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.49
2022-12-16 05:19:45

Lenovo System Firmware Version 1.49

Important updates

  • Update includes a security fix.

New functions or enhancements

  • Updated the Diagnostics module to version 04.27.000

Urgency high
Reported Success 100% (high confidence)
Licenses
Security
Tested By
  • Lenovo on Debian 11,fwupd v1.5.7 1 year, 9 months ago
  • Lenovo on SLED 15.3,fwupd v1.5.8 1 year, 9 months ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.48
2022-10-04 08:33:00

Lenovo System Firmware Version 1.48

Important updates

  • Update includes a security fix.

New functions or enhancements

  • Updated the Diagnostics module to version 04.26.000.

Urgency high
Reported Success 100% (high confidence)
Licenses
Security
Tested By
  • Lenovo on Debian 11,fwupd v1.5.7 1 year, 11 months ago
  • Lenovo on SLED 15.3,fwupd v1.5.8 1 year, 11 months ago
  • Lenovo on RHEL 9.0,fwupd v1.7.4 1 year, 11 months ago
  • Lenovo on Ubuntu 22.04,fwupd v1.7.5 1 year, 11 months ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.47
2022-09-28 06:59:15

Lenovo System Firmware Version 1.47

Important updates

  • Update includes a security fix.

New functions or enhancements

  • Updated the Diagnostics module to version 04.25.000.

Urgency high
Reported Success 100% (low confidence)
Licenses
Security
Tested By
  • Lenovo on RHEL 8.6,fwupd v1.7.4 2 years ago
  • Lenovo on SLED 15.3,fwupd v1.5.8 2 years ago
  • Lenovo on Ubuntu 22.04,fwupd v1.7.5 2 years ago
  • Lenovo on Debian 11,fwupd v1.5.7 2 years ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.46
2022-06-15 06:45:25

Lenovo System Firmware Version 1.46

Important updates

  • Enhancement to address security vulnerability.

New functions or enhancements

  • Updated the Diagnostics module to version 04.24.000.
  • Updated the CPU microcode.

Urgency high
Reported Success 97% (medium confidence)
Fixed issues:
  • CVE-2022-0005

    Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.

  • CVE-2022-21151

    Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Licenses
Security
Tested By
  • Lenovo on Debian 11,fwupd v1.5.7 2 years ago
  • Lenovo on RHEL 8.6,fwupd v1.7.4 2 years ago
  • Lenovo on SLED 15.3,fwupd v1.5.8 2 years ago
  • Lenovo on Ubuntu 20.04,fwupd v1.7.5 2 years ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.45
2021-12-01 02:59:42

Lenovo System Firmware Version 1.45

Important updates

  • Update includes a security fix.

New functions or enhancements

  • Updated the CPU microcode.

Problem fixes

  • Fixed an issue where device firmware update via Windows Update failed when OPAL management software is installed.

Urgency high
Reported Success 100% (high confidence)
Licenses
Security
Tested By
  • Lenovo on RHEL 8.4,fwupd v1.5.9 2 years ago
  • Lenovo on Ubuntu 20.04,fwupd v1.5.11 2 years ago
  • Lenovo on SLED 15.3,fwupd v1.5.8 2 years ago
  • Lenovo on Debian 11,fwupd v1.5.7 2 years ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.44
2021-11-01 02:47:38

Lenovo System Firmware Version 1.44

Important updates

  • Update includes a security fix.

New functions or enhancements

  • Updated the Diagnostics module to version 04.18.000.

Urgency high
Reported Success 100% (medium confidence)
Licenses
Security
Tested By
  • Lenovo on SLED 15.3,fwupd v1.5.8 2 years ago
  • Lenovo on RHEL 8.4,fwupd v1.5.9 2 years ago
  • Lenovo on Debian 11,fwupd v1.5.7 2 years ago
  • Lenovo on Ubuntu 20.04,fwupd v1.5.11 2 years ago
The vendors testing the update provide no warranty of any kind (express or implied), including but not limited to the warranties of merchantability, fitness for a particular purpose or non-infringement. In no event shall these vendors be liable for any claim, damages or other liability.
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.43
2021-08-26 08:02:18

Lenovo System Firmware Version 1.43

Important updates

  • Update includes a security fix.

Urgency high
Reported Success 100% (medium confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.42
2021-05-14 06:16:46

Lenovo ThinkPad X280 System Firmware Version 1.42

Important updates

  • Addresses CVE issues.

New functions or enhancements

  • Updated the CPU microcode.
  • Updated the Diagnostics module to version 04.17.000.

Urgency high
Reported Success 100% (medium confidence)
Fixed issues:
  • CVE-2020-24512

    Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-24511

    Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.40
2020-06-16 03:51:49

Lenovo ThinkPad X280 System Firmware Version 1.40

Important updates

  • Address Issues

Urgency high
Reported Success 98% (high confidence)
Fixed issues:
  • CVE-2020-0543

    Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-0549

    Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-0548

    Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.39
2020-05-18 05:33:49

Lenovo ThinkPad X280 System Firmware Version 1.39

Urgency high
Reported Success 100% (medium confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.37
2020-03-02 08:18:47

Lenovo ThinkPad X280 System Firmware Version 1.37

Important updates

  • Update includes a security fix.

Urgency high
Reported Success 96% (medium confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.36
2020-01-23 09:41:51

Lenovo ThinkPad X280 System Firmware Version 1.36

Urgency high
Reported Success 96% (medium confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.35
2019-12-12 02:14:42

Lenovo ThinkPad X280 System Firmware Version 1.35

Important updates

  • Addresses CVE issues.
  • Refer to Lenovo's Security Advisory page for additional information about LEN-27714 "Multi-vendor BIOS Security Vulnerabilities"
  • Security fix addresses LEN-29406 ST Microelectronics TPM Firmware ECDSA Signature Generation Vulnerability.Refer to Lenovo's Security Advisory page for additional information.

New functions or enhancements

  • Supported BIOS password authentication before entering into MEBx.

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2019-14607

    Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.

  • CVE-2019-0185

    Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 families; Intel(R) Xeon(R) E-2100 and E-2200 Processor families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.
Licenses
Security
Release Gating
Download Archive Firmware Details Compare with previous

Version 0.1.33
2019-10-31 04:35:47

Lenovo ThinkPad X280 System Firmware Version 1.33

Important updates

  • Update includes a security fix.

New functions or enhancements

  • Updated the CPU microcode.
  • Support for non-Absolute Persistence Module version of UEFI BIOS.

Urgency high
Reported Success 94% (low confidence)
Licenses
Security
Release Gating
Download Archive Firmware Details

LVFS © 2015 Richard Hughes with icons from Font Awesome and GeoIP data from IP2Location.

Linux Vendor Firmware Service Project a Series of LF Projects, LLC :: Charter