LVFS: ThinkPad X1 Yoga Gen 7/ThinkPad X1 Carbon Gen 10

Lenovo (ThinkPad) ThinkPad X1 Yoga Gen 7/ThinkPad X1 Carbon Gen 10

Lenovo ThinkPad X1 Yoga Gen 7/X1 Carbon Gen 10 Corporate ME Firmware N3ARG07W, 16.1.32.2418

Intel Platform Update 2024.3 Product Version Maintenance Release

Corporate Version 16.1.32.2418 (LVFS: 1.32.2418)

Problem Fixes

Mitigated the following security vulnerabilities under issues. Please see fixed issues for details.

Urgency	high
Reported Success	95% (medium confidence)
Fixed issues:	CVE-2023-38655 Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access. CVE-2023-34424 Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. CVE-2024-21844 Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2023-48361 Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. CVE-2023-40067 Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access. INTEL-TA-00999
Licenses	Proprietary, distributed by agreement
Security	No issues found using FwHunt from Binarly More info Update is cryptographically signed More info Added to the LVFS by Lenovo More info Firmware can be verified after flashing More info Virus checked using ClamAV More info Firmware has no detected SBoM More info
Release Gating	Not available to ChromeOS users More info

Linux Vendor Firmware Service Project a Series of LF Projects, LLC :: Charter