CVE-2015-7267

Name of the Vulnerable Software and Affected Versions Samsung 850 Pro and PM851 solid-state drives versions (affected versions not specified) Seagate ST500LT015 and ST500LT025 hard disk drives versions (affected versions not specified) Lenovo ThinkPad T440s laptops with BIOS 2.32 Lenovo ThinkPad W541 laptops with BIOS 2.21 Dell Latitude E6410 laptops with BIOS A16 Dell Latitude E6430 laptops with BIOS A16

Description The issue allows physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, also known as a "Hot Plug attack." This occurs when the drives are operating in Opal or eDrive mode.

Recommendations For Samsung 850 Pro and PM851 solid-state drives, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Seagate ST500LT015 and ST500LT025 hard disk drives, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Lenovo ThinkPad T440s laptops with BIOS 2.32, consider updating the BIOS to a version that addresses the issue. For Lenovo ThinkPad W541 laptops with BIOS 2.21, consider updating the BIOS to a version that addresses the issue. For Dell Latitude E6410 laptops with BIOS A16, consider updating the BIOS to a version that addresses the issue. For Dell Latitude E6430 laptops with BIOS A16, consider updating the BIOS to a version that addresses the issue.