Lenovo (ThinkPad) ThinkPad X13/T14s

Lenovo ThinkPad X13/T14s Corporate ME Firmware N2YRM16W, 14.1.70.2228


Version 225.70.2228
2023-10-16 05:22:49

Version 14.1.70.2228 (LVFS: 225.70.2228)

Problem Fixes

  • Intel CSME IPU 2023.3
  • Mitigated the security vulnerabilities listed under "Fixed issues".

Urgency high
Reported Success 98% (high confidence)
Fixed issues:
  • CVE-2022-36392

    Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2022-29871

    Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.


Version 225.67.2046
2022-12-05 02:50:52

This stable release fixes the following issues:

  • Mitigated several security vulnerabilities.

Urgency high
Reported Success 100% (high confidence)
Fixed issues:
  • CVE-2022-29515

    Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2022-33159
  • CVE-2022-29893

    Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access.

  • CVE-2022-27497

    Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2022-21181

    Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.


Version 225.65.1969
2022-09-01 00:21:44

Version 14.1.65.1969 (LVFS: 225.65.1969)

Problem Fixes

  • Fixed an issue where Intel® ME 14.1.60.1807 did not respond in Sx when Intel® ME was updated with the Intel® FW update tool.
  • Fixed an issue where Intel® ME entering recovery mode triggered BIOS recovery.

Urgency high
Reported Success 97% (medium confidence)

Version 225.60.1807
2022-04-02 06:43:55

Version 14.1.60.1807 (LVFS: 225.60.1807)

Problem Fixes

  • Addressed several critical security vulnerabilities

Urgency high
Reported Success 100% (high confidence)

Version 225.53.1649
2021-08-16 07:47:57

Version 14.1.53.1649 (LVFS: 225.53.1649) fixes the following issues:

  • Intel security vulnerabilities fixed.

Urgency high
Reported Success 100% (high confidence)

Version 224.48.1605
2021-04-08 02:13:32

Version 14.0.48.1605 (LVFS: 224.48.1605)

Problem Fixes

  • Fixed security vulnerabilities.

Urgency high
Reported Success 100% (medium confidence)

Version 224.45.1389
2020-12-30 09:48:24

  • 0 Intel Platform Update

Version 14.0.45.1389 (LVFS: 224.45.1389)

Problem Fixes

  • Intel CSME PSIRT-TA-00391 IPU 2020.2:
  • Mitigated the security vulnerabilities listed under "Fixed issues".

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2020-8705

    Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.

  • CVE-2020-12356

    Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2020-12303

    Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

  • CVE-2020-12297

    Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.

  • CVE-2020-8752

    Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.

  • CVE-2020-8749

    Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8746

    Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2020-8747

    Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

  • CVE-2020-8754

    Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-8751

    Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2020-8760

    Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8756

    Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8757

    Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-8745

    Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2020-8753

    Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.


Version 224.39.1367
2020-11-10 02:17:50

  • 0 Intel Platform Update

Version 14.0.39.1367 (LVFS: 224.39.1367)

Problem Fixes

  • Intel CSME PSIRT-TA-00404 IPU 2020.1:
  • Mitigated the security vulnerability listed under "Fixed issues".

Urgency high
Reported Success 100% (low confidence)
Fixed issues:
  • CVE-2020-8758

    Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.


Version 224.33.1125
2020-06-29 07:48:07

  • 0 Intel Platform Update

Version 14.0.33.1125 (LVFS: 224.33.1125)

Problem Fixes

  • Initial Release
  • Intel CSME PSIRT-TA-2019-10-001 IPU 2020.1
  • Mitigated the security vulnerabilities listed under "Fixed issues".

Urgency high
Fixed issues:
  • CVE-2020-0542

    Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

  • CVE-2020-0541

    Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-0539

    Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

  • CVE-2020-0536

    Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

  • CVE-2020-0534

    Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.

