CVE-2018-9069

Name: CVE-2018-9069
Creator: NVD / NIST
Published: 2018-10-02T13:29:00.443+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.9/10EPSS 0.53%

Last modified Jun 17, 2026

CVE-2018-9069 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.. EPSS estimates a 0.53% chance of exploitation in the next 30 days.

Description

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Metrics

CVSS 3.1

5.9/10

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

EPSS Probability

0.53%

40.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-362

Affected Software

Vendor	Product	Versions
Hp	310s-14isk Firmware	< 1.15
Hp	320-15ikbra Firmware	< 6jcn24ww
Hp	320-15ikbrn Firmware	< 6jcn24ww
Hp	320-15ikbrn Touch Firmware	< 6jcn24ww
Hp	320-17ikbrn	< 2.09
Hp	320s-14ikb	< 2.09
Hp	320s-15ikb Firmware	< 2.09
Hp	320s-15isk Firmware	< 2wcn38ww
Hp	510s-14isk Firmware	< 1.15
Hp	520-15ikbrn Firmware	< 6jcn26ww
Hp	520s-14ikb Firmware	< 2.09
Hp	710s Plus-13ikb 16g Firmware	< 2.55
Hp	710s Plus-3ikb Firmware	< 2.55
Hp	Xiaoxinair13ikbpro Firmware	< 2.55
Hp	710s Plus Touch-13ikb Firmware	< 2.55
Hp	720s-13ikb Firmware	< 5scn38ww
Hp	B320-14ikb Firmware	All versions
Lenovo	E42-80 Firmware	< 2wcn38ww
Lenovo	E52-80 Firmware	< 2wcn38ww
Hp	Flex 4-1470 Firmware	< 1.15
Hp	Flex 5-1470 Firmware	< 2.09
Hp	Flex 5-1570 Firmware	< 2.09
Hp	Ideapad 2in1 14 Firmware	All versions
Hp	Lenovo Ideapad 320-14ikb\(I\+A\) Firmware	All versions
Hp	Lenovo Ideapad 320-14ikb\(I\+N\) Firmware	All versions
Hp	Lenovo Ideapad 320-15abr Firmware	All versions
Hp	Lenovo Ideapad 320-15ikb\(I\+N\) Firmware	All versions
Hp	Lenovo Ideapad 320s-14ikbr Firmware	All versions
Hp	Lenovo Ideapad 320s-15ikbr Firmware	All versions
Hp	Lenovo Ideapad 520s-14ikbr Firmware	All versions
Hp	Lenovo Ideapad 720s-14ikb Firmware	< 6jcn26ww
Hp	Lenovo Ideapad Flex 5-1470 Firmware	< 6jcn26ww
Hp	Lenovo Ideapad Flex 5-1570 Firmware	< 6jcn26ww
Hp	Lenovo Ideapad Y520-15ikbn Firmware	All versions
Hp	Lenovo Tianyi 310-14ikb Firmware	All versions
Hp	Lenovo Tianyi 310-15ikb Firmware	All versions
Hp	Lenovo Y520-15ikba Firmware	< 5jcn25ww
Hp	Lenovo Y520-15ikbm Firmware	< 5jcn25ww
Hp	Lenovo Yoga 520-14ikb Firmware	< 6jcn26ww
Hp	Lenovo Yoga 520-15ikb Firmware	< 6jcn26ww
Hp	Miix 720-12ikb	< 3scn66ww
Hp	Nano110-14ikb Firmware	All versions
Hp	Nano110-15ikb Firmware	< 5xcn24ww
Hp	Rescuer R720-15ikbm Firmware	< 5xcn24ww
Hp	Rescuer Y520-15ikbm Firmware	< 5xcn24ww
Lenovo	V310-14ikb Firmware	< 2wcn38ww
Lenovo	V310-14isk Firmware	< 4.07
Lenovo	V310-15ikb Firmware	< 2wcn38ww
Lenovo	V310-15isk Firmware	< 0zcn47ww
Hp	V330-14ikb Firmware	< 4.07

Showing 50 of 68 affected configurations. See NVD for the full list.

References

https://support.lenovo.com/us/en/solutions/LEN-20184Vendor Advisory
https://support.lenovo.com/us/en/solutions/LEN-20184Vendor Advisory

Timeline

Published: Oct 2, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-9069?

How severe is CVE-2018-9069?

CVE-2018-9069 has a CVSS score of 5.9/10 (MEDIUM severity). The EPSS model estimates a 0.53% probability of exploitation in the next 30 days.

How do I fix CVE-2018-9069?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-9069?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST