CVE-2024-45105

Description

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.

Remediation

Solution:

Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-165524

References

Link	Tags
https://support.lenovo.com/us/en/product_security/LEN-165524

Frequently Asked Questions

What is the severity of CVE-2024-45105?: CVE-2024-45105 has been scored as a medium severity vulnerability.
How to fix CVE-2024-45105?: To fix CVE-2024-45105: Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-165524
Is CVE-2024-45105 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-45105 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-45105?: CVE-2024-45105 affects Lenovo HX5530 Appliance (ThinkAgile) BIOS, Lenovo HX645 V3 Integrated System (ThinkAgile) BIOS, Lenovo HX665 V3 Certified Node (ThinkAgile) BIOS, Lenovo ST250 V3 (ThinkSystem) BIOS, Lenovo VX3331 Certified Node (ThinkAgile) BIOS, Lenovo HX1331 Certified Node (ThinkAgile) BIOS, Lenovo HX2330 Appliance (ThinkAgile) BIOS, Lenovo HX2331 Certified Node (ThinkAgile) BIOS, Lenovo HX3330 Appliance (ThinkAgile) BIOS, Lenovo HX3331 Certified Node (ThinkAgile) BIOS, Lenovo HX3331 Node SAP HANA (ThinkAgile) BIOS, Lenovo HX3375 Appliance (ThinkAgile) BIOS, Lenovo HX3376 Certified Node (ThinkAgile) BIOS, Lenovo HX5531 Certified Node (ThinkAgile) BIOS, Lenovo HX630 V3 Certified Node (ThinkAgile) BIOS, Lenovo HX630 V3 Integrated System (ThinkAgile) BIOS, Lenovo HX645 V3 Certified Node (ThinkAgile) BIOS, Lenovo HX650 V3 Certified Node (ThinkAgile) BIOS, Lenovo HX650 V3 Integrated System (ThinkAgile) BIOS, Lenovo HX665 V3 Integrated System (ThinkAgile) BIOS, Lenovo HX665 V3 Storage Certified Node (ThinkAgile) BIOS, Lenovo HX665 V3 Storage Integrated Node (ThinkAgile) BIOS, Lenovo HX7530 Appl for SAP HANA (ThinkAgile) BIOS, Lenovo HX7531 Certified Node (ThinkAgile) BIOS, Lenovo HX7531 Node SAP HANA (ThinkAgile) BIOS, Lenovo MX3330-F All-flash Appliance (ThinkAgile) BIOS, Lenovo MX3330-H Hybrid Appliance (ThinkAgile) BIOS, Lenovo MX3331-F All-flash Certified node (ThinkAgile) BIOS, Lenovo MX3331-H Hybrid Certified node (ThinkAgile) BIOS, Lenovo MX3530 F All flash Appliance (ThinkAgile) BIOS, Lenovo MX3530-H Hybrid Appliance (ThinkAgile) BIOS, Lenovo MX3531 H Hybrid Certified node (ThinkAgile) BIOS, Lenovo MX3531-F All-flash Certified node (ThinkAgile) BIOS, Lenovo MX630 V3 Certified Node (ThinkAgile) BIOS, Lenovo MX630 V3 Integrated System (ThinkAgile) BIOS, Lenovo MX650 V3 Certified Node (ThinkAgile) BIOS, Lenovo MX650 v3 Integrated System (ThinkAgile) BIOS, Lenovo SD530 V3 (ThinkSystem) BIOS, Lenovo SD550 V3 (ThinkSystem) BIOS, Lenovo SD630 V2 (ThinkSystem) BIOS, Lenovo SD650 V2 (ThinkSystem) BIOS, Lenovo SD650 V3 (ThinkSystem) BIOS, Lenovo SD650-N V2 (ThinkSystem) BIOS, Lenovo SD665 V3 (ThinkSystem) BIOS, Lenovo SE350 V2 (ThinkEdge) BIOS, Lenovo SE360 V2 (ThinkEdge) BIOS, Lenovo SE450 (ThinkEdge) BIOS, Lenovo SE455 V3 (ThinkEdge) BIOS, Lenovo SN550 V2 (ThinkSystem) BIOS, Lenovo SR250 V2 (ThinkSystem) BIOS, Lenovo SR250 V3 (ThinkSystem) BIOS, Lenovo SR258 V2 (ThinkSystem) BIOS, Lenovo SR258 V3 (ThinkSystem) BIOS, Lenovo SR630 V2 (ThinkSystem) BIOS, Lenovo SR630 V3 (ThinkSystem) BIOS, Lenovo SR635 V3 (ThinkSystem) BIOS, Lenovo SR645 (ThinkSystem) BIOS, Lenovo SR645 V3 (ThinkSystem) BIOS, Lenovo SR650 V2 (ThinkSystem) BIOS, Lenovo SR650 V3 (ThinkSystem) BIOS, Lenovo SR655 V3 (ThinkSystem) BIOS, Lenovo SR665 (ThinkSystem) BIOS, Lenovo SR665 V3 (ThinkSystem) BIOS, Lenovo SR670 V2 (ThinkSystem) BIOS, Lenovo SR675 V3 (ThinkSystem) BIOS, Lenovo SR850 V2 (ThinkSystem) BIOS, Lenovo SR850 V3 (ThinkSystem) BIOS, Lenovo SR860 V2 (ThinkSystem) BIOS, Lenovo SR860 V3 (ThinkSystem) BIOS, Lenovo SR950 V3 (ThinkSystem) BIOS, Lenovo ST250 V2 (ThinkSystem) BIOS, Lenovo ST258 V2 (ThinkSystem) BIOS, Lenovo ST258 V3 (ThinkSystem) BIOS, Lenovo ST650 V2 (ThinkSystem) BIOS, Lenovo ST650 V3 (ThinkSystem) BIOS, Lenovo ST658 V2 (ThinkSystem) BIOS, Lenovo ST658 V3 (ThinkSystem) BIOS, Lenovo VX2330 Appliance (ThinkAgile) BIOS, Lenovo VX3330 Appliance (ThinkAgile) BIOS, Lenovo VX3530-G Appliance (ThinkAgile) BIOS, Lenovo VX5530 Appliance (ThinkAgile) BIOS, Lenovo VX630 V3 Certified Node (ThinkAgile) BIOS, Lenovo VX635 V3 Certified Node (ThinkAgile) BIOS, Lenovo VX635 V3 Integrated System (ThinkAgile) BIOS, Lenovo VX645 V3 Certified Node (ThinkAgile) BIOS, Lenovo VX645 V3 Integrated System (ThinkAgile) BIOS, Lenovo VX650 V3 Certified Node (ThinkAgile) BIOS, Lenovo VX650 V3 DPU Certified Node (ThinkAgile) BIOS, Lenovo VX650 V3 DPU Integrated System (ThinkAgile) BIOS, Lenovo VX650 V3 DPU SAP HANA Certified Node (ThinkAgile) BIOS, Lenovo VX650 V3 Integrated System (ThinkAgile) BIOS, Lenovo VX650 V3 SAP HANA Certified Node (ThinkAgile) BIOS, Lenovo VX655 V3 Certified Node (ThinkAgile) BIOS, Lenovo VX655 V3 Integrated System (ThinkAgile) BIOS, Lenovo VX665 V3 Certified Node (ThinkAgile) BIOS, Lenovo VX665 V3 Integrated System (ThinkAgile) BIOS, Lenovo VX7330 Appliance (Thinkagile) BIOS, Lenovo VX7530 Appliance (ThinkAgile) BIOS, Lenovo VX7531 Certified Node (ThinkAgile) BIOS.

Description

Remediation

Category

CWE-825 – Expired Pointer Dereference

References

Frequently Asked Questions