CVE-2018-9069

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Published: Oct 2, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-9069
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: High
Score: 7
AV:N/AC:M/Au:S/C:N/I:P/A:C

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
hp / 310s-14isk_firmware	-	1.15
hp / 320-15ikbra_firmware	-	6jcn24ww
hp / 320-15ikbrn_firmware	-	6jcn24ww
hp / 320-15ikbrn_touch_firmware	-	6jcn24ww
hp / 320-17ikbrn	-	2.09
hp / 320s-14ikb	-	2.09
hp / 320s-15ikb_firmware	-	2.09
hp / 320s-15isk_firmware	-	2wcn38ww
hp / 510s-14isk_firmware	-	1.15
hp / 520-15ikbrn_firmware	-	6jcn26ww
hp / 520s-14ikb_firmware	-	2.09
hp / 710s_plus-13ikb_16g_firmware	-	2.55
hp / 710s_plus-3ikb_firmware	-	2.55
hp / xiaoxinair13ikbpro_firmware	-	2.55
hp / 710s_plus_touch-13ikb_firmware	-	2.55
hp / 720s-13ikb_firmware	-	5scn38ww
lenovo / e42-80_firmware	-	2wcn38ww
lenovo / e52-80_firmware	-	2wcn38ww
hp / flex_4-1470_firmware	-	1.15
hp / flex_5-1470_firmware	-	2.09
hp / flex_5-1570_firmware	-	2.09
hp / lenovo_ideapad_720s-14ikb_firmware	-	6jcn26ww
hp / lenovo_ideapad_flex_5-1470_firmware	-	6jcn26ww
hp / lenovo_ideapad_flex_5-1570_firmware	-	6jcn26ww
hp / lenovo_y520-15ikba_firmware	-	5jcn25ww
hp / lenovo_y520-15ikbm_firmware	-	5jcn25ww
hp / lenovo_yoga_520-14ikb_firmware	-	6jcn26ww
hp / lenovo_yoga_520-15ikb_firmware	-	6jcn26ww
hp / miix_720-12ikb	-	3scn66ww
hp / nano110-15ikb_firmware	-	5xcn24ww
hp / rescuer_r720-15ikbm_firmware	-	5xcn24ww
hp / rescuer_y520-15ikbm_firmware	-	5xcn24ww
lenovo / v310-14ikb_firmware	-	2wcn38ww
lenovo / v310-14isk_firmware	-	4.07
lenovo / v310-15ikb_firmware	-	2wcn38ww
lenovo / v310-15isk_firmware	-	0zcn47ww
hp / v330-14ikb_firmware	-	4.07
hp / v330-14isk_firmware	-	4.07
lenovo / v510-14ikb_firmware	-	2wcn38ww
lenovo / v510-15ikb_firmware	-	2wcn38ww
hp / yoga_310-11iap_firmware	-	6.7
hp / yoga_510-14isk_firmware	-	1.15
hp / yoga_720-13ikb_firmware	-	2.05
hp / yoga_720-13ikbr_firmware	-	2.07
hp / yoga_720-15ikb_firmware	-	2.05
hp / lenovo_v720-14_firmware	-	2.12
hp / 7000_u42_firmware	-	2.09
hp / 7000-15_u42_firmware	-	2.09
hp / r720-15ikba_firmware	-	5jcn25ww
hp / y520-15ikba_firmware	-	5jcn25ww
hp / r720-15ikbn_firmware	-	4gcn38ww
hp / y520-15ikbn_firmware	-	4gcn38ww
hp / y720-15ikb_firmware	-	4gcn38ww
hp / lenovo_y720-15ikb_firmware	-	4gcn38ww
hp / e43-80_kbl_firmware	-	4.07

https://support.lenovo.com/us/en/solutions/LEN-20184

Vulnerability Database

309,961

CVE-2018-9069

Deep Security Visibility Without the Complexity