Lenovo issued a pair of security advisories on Friday for its popular ThinkPad line and System x servers. One bug is tied to an authentication flaw in the Secure Boot process; and the other to a vulnerability that would allow for arbitrary code execution.
The company’s internal testing team discovered the first Secure Boot issue (CVE-2017-3775), which is rated as high-severity. Impacted are nearly a dozen enterprise-class Lenovo systems ranging from its System x, Flex System and one high-density NeXtScale nx360 M5 model server.
Secure Boot is an Intel firmware feature, which acts as a security gate or interface between an operating system and the firmware/BIOS.