Dozens of Lenovo’s flagship ThinkPad models are vulnerable to bugs ranging in severity from low to high. Two of the flaws are tied to industry-wide security bulletins, while the third, a medium-severity flaw, affects only Lenovo laptops and remains unpatched.
The most severe of the three bugs is a high-severity Bluetooth vulnerability (CVE-2019-9506) disclosed on Tuesday by Microsoft as part of its August security patch roundup. The flaw is described as an “encryption key negotiation of Bluetooth vulnerability” that could allow a nearby attacker to carry out an information-disclosure or escalation-of-privilege attack, according to a U.S. Computer Emergency Readiness Team (US-CERT) description.
The flaw is tied to the way the short-range Bluetooth radio technology encrypts its end-to-end communications for security and privacy.