fwupd / firmware-lenovo

Missing firmware for Lenovo Thinkpad hardware

Lenovo T16 Gen 2 CVE-2023-39536 #457

Closed VeldoraTheDragon closed 2 months ago

VeldoraTheDragon commented 2 months ago

The T16 Gen 2 is affected according to: https://support.lenovo.com/de/de/product_security/LEN-158632

A new version 1.46 has been released recently, but I can't find any hints whether this update fixes the named CVE. Does it or does it not?

If not, when will there be a release that addresses this CVE? If it does, why wouldn't it be addressed in the release notes?

mrhpearson commented 2 months ago

Sorry - I couldn't find in the LEN-158632 page where it said T16 G2 is impacted by CVE-2023-39536. Am I missing something?

VeldoraTheDragon commented 2 months ago

Hi @mrhpearson

It seems like it's my bad. Apparently I looked too high up in the list and didn't notice I was looking at the Desktops and not ThinkPads. However, there are two CVEs for the T16 Gen 2.

CVE-2023-45733 is marked with Target availability 2024-07-19 and CVE-2024-0762 with N3QUJ09W, whereas CVE-2024-0762 seems more critical to me than CVE-2023-45733. Nevertheless, I'd still like to know if there are already firmware updates available that patch the two vulnerabilities.

mrhpearson commented 2 months ago

Hi

For CVE-2023-45733: 2024-07-19 is still in the future, so I think we can assume the fix is not available yet.

For CVE-2024-0762: N3QUJ09W is BIOS 1.45 (N3QET45W) and EC 1.12 (N3QHT22W).

I can see BIOS 1.46 and EC 1.12 have been released to stable on LVFS - so if you update to those, you will be covered.

Mark

VeldoraTheDragon commented 2 months ago

Hi Mark

Thank you for the clarification, and I apologize for the confusion I've created.