CVE-2008-3894

Name of the Vulnerable Software and Affected Versions IBM Lenovo firmware version 7CETB5WW 2.05

Description The issue allows local users to obtain sensitive information by reading physical memory locations associated with the BIOS Keyboard buffer, which stores pre-boot authentication passwords and is not cleared after use. This enables a local attacker to access the BIOS password by directly reading the physical memory addresses used as the buffer.

Recommendations For IBM Lenovo firmware version 7CETB5WW 2.05, consider clearing the BIOS Keyboard buffer after each use as a mitigation measure until a patch is available. Restrict physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.