Input Validation Weakness in TpmSetup Module for Lenovo System x Servers
CVE-2024-11679

6.7MEDIUM

Key Information:

Vendor
Lenovo
Vendor
CVE Published:
11 April 2025

Summary

An input validation issue has been identified in the TpmSetup module affecting certain legacy Lenovo System x server products. This vulnerability can potentially allow a local attacker with elevated privileges to access unreadable portions of memory, posing a security risk to sensitive data. It is crucial for users of these systems to be aware of this vulnerability and implement recommended security patches or updates to mitigate potential exploitation.

Affected Version(s)

System x3550 M5 0 < 4.40

System x3560 M5 0 < 4.20

References

CVSS V4

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lenovo thanks Eason for reporting this issue.
.