Vulnerabilities related to Lenovo - BIOS
CVE-2020-8333 (GCVE-0-2020-8333)
Vulnerability from cvelistv5
Published
2020-09-24 21:05
Modified
2024-09-16 17:38
Severity: 6.4 (MEDIUM), CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H (CNA-assigned)
CWE
- Arbitrary code execution
Summary
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution
References
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-30042 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.329Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks yngwei (@yngweijw), driedfish (@d3af1sh), and MengHao, Li of IIE VARAS" } ], "datePublic": "2020-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-24T21:05:26", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-09-24T21:00:00.000Z", "ID": "CVE-2020-8333", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks yngwei (@yngweijw), driedfish (@d3af1sh), and MengHao, Li of IIE VARAS" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8333", "datePublished": "2020-09-24T21:05:26.789032Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-16T17:38:49.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8336 (GCVE-0-2020-8336)
Vulnerability from cvelistv5
Published
2020-06-09 19:50
Modified
2024-09-16 19:56
Severity: 6.4 (MEDIUM), CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (CNA-assigned)
CWE
- anti rollback prevention
Summary
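Lenovo implemented Intel CSME Anti-rollback (ARB) protections on some ThinkPad models to prevent rollback of CSME firmware in flash. Note: the record describes the mitigation rather than the flaw. The implication is that firmware predating this change did not enforce anti-rollback for CSME; the record's CVSS vector rates the exposure as requiring physical access (AV:P), and the remedy is the firmware update listed in LEN-30042.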
References
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-30042 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks Maxim Goryachy \u0026 Mark Ermolov of Positive Technologies" } ], "datePublic": "2020-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "anti rollback prevention", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-09T19:50:37", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-06-09T18:00:00.000Z", "ID": "CVE-2020-8336", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Maxim Goryachy \u0026 Mark Ermolov of Positive Technologies" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "anti rollback prevention" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8336", "datePublished": "2020-06-09T19:50:37.711121Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-16T19:56:08.433Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-6156 (GCVE-0-2019-6156)
Vulnerability from cvelistv5
Published
2019-04-10 17:04
Modified
2024-09-16 22:02
Severity: not scored (the record carries no CVSS metrics)
CWE
- None
Summary
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
References
| URL | Tags |
|---|---|
| https://support.lenovo.com/solutions/LEN-26332 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-26332" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Emin Ghuliev for reporting this issue." } ], "datePublic": "2019-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected." } ], "problemTypes": [ { "descriptions": [ { "description": "None", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-10T17:04:19", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-26332" } ], "solutions": [ { "lang": "en", "value": "No action required. Lenovo has updated BIOS for systems in the product impact section to implement this secondary protection, PRx." 
} ], "source": { "advisory": "LEN-26332", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-04-04T19:00:00.000Z", "ID": "CVE-2019-6156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Emin Ghuliev for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "None" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-26332", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-26332" } ] }, "solution": [ { "lang": "en", "value": "No action required. Lenovo has updated BIOS for systems in the product impact section to implement this secondary protection, PRx." } ], "source": { "advisory": "LEN-26332", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6156", "datePublished": "2019-04-10T17:04:19.908080Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T22:02:37.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8354 (GCVE-0-2020-8354)
Vulnerability from cvelistv5
Published
2020-11-11 17:35
Modified
2024-08-04 09:56
Severity: 6.4 (MEDIUM), CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H (CNA-assigned)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
References
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-49266 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-49266" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "lessThan": "various", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks yngwei (@yngweijw) of IIE VARAS" } ], "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-11T17:35:18", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-49266" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-49266." 
} ], "source": { "advisory": "LEN-49266", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2020-8354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks yngwei (@yngweijw) of IIE VARAS" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-49266", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-49266" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-49266." 
} ], "source": { "advisory": "LEN-49266", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8354", "datePublished": "2020-11-11T17:35:18", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:28.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-4210 (GCVE-0-2021-4210)
Vulnerability from cvelistv5
Published
2022-04-22 20:30
Modified
2024-08-03 17:16
Severity: 6.7 (MEDIUM), CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (CNA-assigned)
CWE
- CWE-20 - Improper Input Validation
Summary
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-77639 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks Jiawei Yin(@yngweijw) and Menghao Li of IIE varas" } ], "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-22T20:30:41", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639." 
} ], "source": { "advisory": "LEN-77639", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-4210", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Jiawei Yin(@yngweijw) and Menghao Li of IIE varas" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-77639", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639." 
} ], "source": { "advisory": "LEN-77639", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2021-4210", "datePublished": "2022-04-22T20:30:41", "dateReserved": "2022-01-24T00:00:00", "dateUpdated": "2024-08-03T17:16:04.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45079 (GCVE-0-2023-45079)
Vulnerability from cvelistv5
Published
2023-11-08 22:32
Modified
2024-09-04 17:43
Severity: 6.7 (MEDIUM), CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (CNA-assigned)
CWE
- CWE-125 - Out-of-bounds Read
Summary
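A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Note: the record classifies this as CWE-125 (Out-of-bounds Read) and calls it a memory leakage, yet the stated impact is a write to NVRAM variables and the CVSS vector rates integrity impact HIGH; treat advisory LEN-141775 as the authoritative statement of impact.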
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45079", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:42:45.727166Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:43:46.981Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. \u003cbr\u003e\u003cbr\u003e" } ], "value": "A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. 
\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:32:37.592Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45079", "datePublished": "2023-11-08T22:32:37.592Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:43:46.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-4211 (GCVE-0-2021-4211)
Vulnerability from cvelistv5
Published
2022-04-22 20:30
Modified
2024-08-03 17:16
Severity: 6.7 (MEDIUM), CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (CNA-assigned)
CWE
- CWE-20 - Improper Input Validation
Summary
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-77639 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks Jiawei Yin(@yngweijw) and Menghao Li of IIE varas" } ], "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-22T20:30:43", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639." 
} ], "source": { "advisory": "LEN-77639", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-4211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Jiawei Yin(@yngweijw) and Menghao Li of IIE varas" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-77639", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639." 
} ], "source": { "advisory": "LEN-77639", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2021-4211", "datePublished": "2022-04-22T20:30:43", "dateReserved": "2022-01-24T00:00:00", "dateUpdated": "2024-08-03T17:16:04.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40135 (GCVE-0-2022-40135)
Vulnerability from cvelistv5
Published
2023-01-30 21:20
Modified
2025-03-27 15:26
Severity: 4.4 (MEDIUM), CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (CNA-assigned)
CWE
- CWE-125 - Out-of-bounds Read
Summary
An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.736Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-94953" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40135", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-27T15:25:43.013586Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-27T15:26:04.196Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory." } ], "value": "An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-30T21:20:33.347Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-94953" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." } ], "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-40135", "datePublished": "2023-01-30T21:20:33.347Z", "dateReserved": "2022-09-06T15:43:50.236Z", "dateUpdated": "2025-03-27T15:26:04.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3431 (GCVE-0-2022-3431)
Vulnerability from cvelistv5
Published
2023-10-09 18:18
Modified
2024-09-19 14:36
CWE
- CWE-276 - Incorrect Default Permissions
Summary
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-94952" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:lenovo:notebook:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "notebook", "vendor": "lenovo", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-3431", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-19T14:34:46.057328Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-19T14:36:08.273Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable." 
} ], "value": "A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-09T18:18:54.016Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-94952" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\u003cbr\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-3431", "datePublished": "2023-10-09T18:18:54.016Z", "dateReserved": "2022-10-07T19:59:25.920Z", "dateUpdated": "2024-09-19T14:36:08.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40137 (GCVE-0-2022-40137)
Vulnerability from cvelistv5
Published
2023-01-30 21:26
Modified
2025-03-27 15:20
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-94953" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40137", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-27T15:20:14.137475Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-27T15:20:30.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ], "value": "A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-30T21:26:55.123Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-94953" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." } ], "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-40137", "datePublished": "2023-01-30T21:26:55.123Z", "dateReserved": "2022-09-06T15:43:50.236Z", "dateUpdated": "2025-03-27T15:20:30.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8320 (GCVE-0-2020-8320)
Vulnerability from cvelistv5
Published
2020-06-09 19:50
Modified
2024-09-16 17:33
CWE
- CWE-489 - Leftover Debug Code
Summary
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks Avery Mosher at SkySafe Inc." } ], "datePublic": "2020-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-489", "description": "CWE-489 Leftover Debug Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-09T19:50:34", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-06-09T18:00:00.000Z", "ID": "CVE-2020-8320", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Avery Mosher at SkySafe Inc." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489 Leftover Debug Code" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8320", "datePublished": "2020-06-09T19:50:34.958967Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-16T17:33:07.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1890 (GCVE-0-2022-1890)
Vulnerability from cvelistv5
Published
2023-01-23 15:18
Modified
2025-04-01 19:51
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:17:00.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-91369" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-1890", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-01T19:51:47.355922Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-01T19:51:58.455Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code." } ], "value": "A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-91369" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\u003cbr\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-1890", "datePublished": "2023-01-23T15:18:46.294Z", "dateReserved": "2022-05-25T20:29:31.270Z", "dateUpdated": "2025-04-01T19:51:58.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1891 (GCVE-0-2022-1891)
Vulnerability from cvelistv5
Published
2023-01-23 15:25
Modified
2025-04-03 16:54
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:17:00.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-91369" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-1891", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-02T14:34:12.315495Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-03T16:54:57.859Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.\u003c/span\u003e\u003c/span\u003e" } ], "value": "A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-91369" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\u003cbr\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\n" } ], "source": { "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-1891", "datePublished": "2023-01-23T15:25:33.599Z", "dateReserved": "2022-05-25T20:29:36.185Z", "dateUpdated": "2025-04-03T16:54:57.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45077 (GCVE-0-2023-45077)
Vulnerability from cvelistv5
Published
2023-11-08 22:30
Modified
2024-09-04 17:54
CWE
- CWE-125 - Out-of-bounds Read
Summary
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45077", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:52:03.826324Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:54:09.101Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. " } ], "value": "A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. 
" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:38:59.712Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45077", "datePublished": "2023-11-08T22:30:05.886Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:54:09.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45078 (GCVE-0-2023-45078)
Vulnerability from cvelistv5
Published
2023-11-08 22:30
Modified
2024-09-04 17:50
CWE
- CWE-125 - Out-of-bounds Read
Summary
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:18.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45078", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:48:51.693243Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:50:14.651Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. " } ], "value": "A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. 
" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:30:49.077Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45078", "datePublished": "2023-11-08T22:30:49.077Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:50:14.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-5247 (GCVE-0-2016-5247)
Vulnerability from cvelistv5
Published
2016-09-22 15:00
Modified
2024-08-06 00:53
CWE
- n/a
Summary
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:53:48.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "92661", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92661" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.lenovo.com/product_security/PS500067" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-09-22T14:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "92661", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92661" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.lenovo.com/product_security/PS500067" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5247", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "92661", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92661" }, { "name": "https://support.lenovo.com/product_security/PS500067", "refsource": "CONFIRM", "url": "https://support.lenovo.com/product_security/PS500067" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5247", "datePublished": "2016-09-22T15:00:00", "dateReserved": "2016-06-03T00:00:00", "dateUpdated": "2024-08-06T00:53:48.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-3754 (GCVE-0-2017-3754)
Vulnerability from cvelistv5
Published
2017-07-17 19:00
Modified
2024-09-16 18:12
CWE
- BIOS Write Protections Improperly Configured
Summary
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
References
Impacted products
Vendor | Product | Version
---|---|---
Lenovo Group Ltd. | Lenovo Notebook BIOS | Various
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:39:40.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-15084" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Lenovo Notebook BIOS", "vendor": "Lenovo Group Ltd.", "versions": [ { "status": "affected", "version": "Various" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code." } ], "problemTypes": [ { "descriptions": [ { "description": "BIOS Write Protections Improperly Configured", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-17T18:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-15084" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-3754", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Lenovo Notebook BIOS", "version": { "version_data": [ { "version_value": "Various" } ] } } ] }, "vendor_name": "Lenovo Group Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. 
This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "BIOS Write Protections Improperly Configured" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-15084", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-15084" } ] } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3754", "datePublished": "2017-07-17T19:00:00Z", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-09-16T18:12:56.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25493 (GCVE-0-2023-25493)
Vulnerability from cvelistv5
Published
2024-04-05 20:46
Modified
2024-09-16 14:50
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-25493", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T22:13:08.326323Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T19:31:26.044Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:18.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. \u003c/span\u003e" } ], "value": "A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T14:50:40.027Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-25493", "datePublished": "2024-04-05T20:46:00.491Z", "dateReserved": "2023-02-06T15:09:03.709Z", "dateUpdated": "2024-09-16T14:50:40.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-1892 (GCVE-0-2022-1892)
Vulnerability from cvelistv5
Published
2023-01-23 15:31
Modified
2025-04-02 14:37
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:17:00.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-91369" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-1892", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-02T14:36:42.939310Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-02T14:37:24.386Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code." } ], "value": "A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-91369" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\u003cbr\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-91369\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-1892", "datePublished": "2023-01-23T15:31:19.243Z", "dateReserved": "2022-05-25T20:29:39.456Z", "dateUpdated": "2025-04-02T14:37:24.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-8224 (GCVE-0-2016-8224)
Vulnerability from cvelistv5
Published
2016-11-29 20:00
Modified
2024-08-06 02:13
CWE
- Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems
Summary
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:13:21.877Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94595", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94595" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.lenovo.com/us/en/solutions/LEN_9903" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Lenovo Notebook models 110-14IBR/110-15IBR, B70-80, E31-80, E40-80, E41-80, E51-80, G40-80, G50-80, G50-80 Touch, Ideapad 300-14IBR/300-15IBR, Ideapad 300-14ISK/300-15ISK/300-17ISK, Ideapad 510S-12ISK, K21-80, K41-80, MIIX 710-12IKB , XiaoXin Air 12, YOGA 510-14ISK/510-15ISK, YOGA 710-11IKB, Yoga 710-11ISK, Yoga 900-13ISK, YOGA 900S-12ISK; ThinkServer models ThinkServer TS150, ThinkServer TS450", "vendor": "Lenovo Group Ltd.", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2016-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T10:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "name": "94595", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94595" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.lenovo.com/us/en/solutions/LEN_9903" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2016-8224", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Lenovo Notebook models 110-14IBR/110-15IBR, B70-80, E31-80, E40-80, E41-80, E51-80, G40-80, G50-80, G50-80 Touch, Ideapad 300-14IBR/300-15IBR, Ideapad 300-14ISK/300-15ISK/300-17ISK, Ideapad 510S-12ISK, K21-80, K41-80, MIIX 710-12IKB , XiaoXin Air 12, YOGA 510-14ISK/510-15ISK, YOGA 710-11IKB, Yoga 710-11ISK, Yoga 900-13ISK, YOGA 900S-12ISK; ThinkServer models ThinkServer TS150, ThinkServer TS450", "version": { "version_data": [ { "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo Group Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems" } ] } ] }, "references": { "reference_data": [ { "name": "94595", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94595" }, { "name": "https://support.lenovo.com/us/en/solutions/LEN_9903", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/solutions/LEN_9903" } ] } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2016-8224", "datePublished": "2016-11-29T20:00:00", "dateReserved": "2016-09-16T00:00:00", "dateUpdated": "2024-08-06T02:13:21.877Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8323 (GCVE-0-2020-8323)
Vulnerability from cvelistv5
Published
2020-06-09 19:50
Modified
2024-09-16 23:55
CWE
- Arbitrary code execution
Summary
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks yngwei (@yngweijw), driedfish (@d3af1sh), and MengHao, Li of IIE VARAS" } ], "datePublic": "2020-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-09T19:50:36", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-06-09T18:00:00.000Z", "ID": "CVE-2020-8323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks yngwei (@yngweijw), driedfish (@d3af1sh), and MengHao, Li of IIE VARAS" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8323", "datePublished": "2020-06-09T19:50:36.286033Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-16T23:55:41.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3452 (GCVE-0-2021-3452)
Vulnerability from cvelistv5
Published
2021-07-16 20:30
Modified
2024-08-03 16:53
CWE
- CWE-20 - Improper Input Validation
Summary
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
Impacted products
Vendor | Product | Version
---|---|---
Lenovo | ThinkPad BIOS | various
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ThinkPad BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks Binarly efiXplorer team for reporting these issues." } ], "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-16T20:30:15", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529." 
} ], "source": { "advisory": "LEN-65529", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-3452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ThinkPad BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Binarly efiXplorer team for reporting these issues." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-65529", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-65529" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529." 
} ], "source": { "advisory": "LEN-65529", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2021-3452", "datePublished": "2021-07-16T20:30:16", "dateReserved": "2021-03-19T00:00:00", "dateUpdated": "2024-08-03T16:53:17.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-6171 (GCVE-0-2019-6171)
Vulnerability from cvelistv5
Published
2019-08-19 14:56
Modified
2024-09-16 20:03
CWE
- Privilege escalation
Summary
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access to update the Embedded Controller with unsigned firmware.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/solutions/LEN-27764" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo would like to thank Alex Matrosov and Alexandre Gazet for reporting this issue." } ], "datePublic": "2019-08-08T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Privilege escalation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-19T14:56:45", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/solutions/LEN-27764" } ], "solutions": [ { "lang": "en", "value": "Update to the version of BIOS (or later) described for your system in the Product Impact section of LEN-27764." 
} ], "source": { "advisory": "LEN-27764", "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2019-08-08T20:00:00.000Z", "ID": "CVE-2019-6171", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "affected": "=", "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo would like to thank Alex Matrosov and Alexandre Gazet for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Privilege escalation" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/solutions/LEN-27764", "refsource": "MISC", "url": "https://support.lenovo.com/solutions/LEN-27764" } ] }, "solution": [ { "lang": "en", "value": "Update to the version of BIOS (or later) described for your system in the Product Impact section of LEN-27764." 
} ], "source": { "advisory": "LEN-27764", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6171", "datePublished": "2019-08-19T14:56:45.041686Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T20:03:17.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40134 (GCVE-0-2022-40134)
Vulnerability from cvelistv5
Published
2023-01-30 21:20
Modified
2025-03-27 15:26
CWE
- CWE-125 - Out-of-bounds Read
Summary
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-94953" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40134", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-27T15:26:39.063546Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-27T15:26:52.831Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory." } ], "value": "An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-30T21:20:25.236Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-94953" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." } ], "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-40134", "datePublished": "2023-01-30T21:20:25.236Z", "dateReserved": "2022-09-06T15:43:50.235Z", "dateUpdated": "2025-03-27T15:26:52.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3432 (GCVE-0-2022-3432)
Vulnerability from cvelistv5
Published
2023-01-23 16:27
Modified
2025-04-01 19:50
CWE
- CWE-276 - Incorrect Default Permissions
Summary
A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-94952" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3432", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-01T19:50:22.887308Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-01T19:50:37.421Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable." } ], "value": "A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-94952" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\u003cbr\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-3432", "datePublished": "2023-01-23T16:27:12.970Z", "dateReserved": "2022-10-07T19:59:51.458Z", "dateUpdated": "2025-04-01T19:50:37.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8352 (GCVE-0-2020-8352)
Vulnerability from cvelistv5
Published
2020-11-11 17:35
Modified
2024-08-04 09:56
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Summary
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-49266" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "lessThan": "various", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks LI AO for reporting this issue" } ], "descriptions": [ { "lang": "en", "value": "In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-358", "description": "CWE-358 Improperly Implemented Security Check for Standard", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-11T17:35:17", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-49266" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-49266." 
} ], "source": { "advisory": "LEN-49266", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2020-8352", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks LI AO for reporting this issue" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-358 Improperly Implemented Security Check for Standard" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-49266", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-49266" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-49266." 
} ], "source": { "advisory": "LEN-49266", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8352", "datePublished": "2020-11-11T17:35:18", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:28.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45076 (GCVE-0-2023-45076)
Vulnerability from cvelistv5
Published
2023-11-08 22:28
Modified
2024-09-04 17:56
CWE
- CWE-125 - Out-of-bounds Read
Summary
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45076", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:55:45.684582Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:56:30.453Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." 
} ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.\u003cbr\u003e" } ], "value": "A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:28:20.459Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": 
"da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45076", "datePublished": "2023-11-08T22:28:20.459Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:56:30.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8322 (GCVE-0-2020-8322)
Vulnerability from cvelistv5
Published
2020-06-09 19:50
Modified
2024-09-16 20:52
CWE
- Arbitrary code execution
Summary
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks yngwei (@yngweijw), driedfish (@d3af1sh), and MengHao, Li of IIE VARAS" } ], "datePublic": "2020-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-09T19:50:35", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-06-09T18:00:00.000Z", "ID": "CVE-2020-8322", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks yngwei (@yngweijw), driedfish (@d3af1sh), and MengHao, Li of IIE VARAS" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8322", "datePublished": "2020-06-09T19:50:35.842852Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-16T20:52:30.716Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8334 (GCVE-0-2020-8334)
Vulnerability from cvelistv5
Published
2020-06-09 19:50
Modified
2024-09-17 00:00
CWE
- unauthorized access
Summary
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks Zoltan Harmath" } ], "datePublic": "2020-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "unauthorized access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-09T19:50:37", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-06-09T18:00:00.000Z", "ID": "CVE-2020-8334", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Zoltan Harmath" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unauthorized access" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8334", "datePublished": "2020-06-09T19:50:37.274389Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-17T00:00:35.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-40136 (GCVE-0-2022-40136)
Vulnerability from cvelistv5
Published
2023-01-30 21:20
Modified
2025-03-27 15:25
CWE
- CWE-125 - Out-of-bounds Read
Summary
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-94953" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-40136", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-03-27T15:24:54.142774Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-27T15:25:10.981Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory." } ], "value": "An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-30T21:20:45.280Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-94953" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." } ], "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-40136", "datePublished": "2023-01-30T21:20:45.280Z", "dateReserved": "2022-09-06T15:43:50.236Z", "dateUpdated": "2025-03-27T15:25:10.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45075 (GCVE-0-2023-45075)
Vulnerability from cvelistv5
Published
2023-11-08 22:27
Modified
2024-09-04 17:58
CWE
- CWE-125 - Out-of-bounds Read
Summary
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bios", "vendor": "lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45075", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T17:57:18.522310Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T17:58:47.396Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables." } ], "value": "A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T22:27:32.659Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-141775" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: \u003ca href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-141775 " } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2023-45075", "datePublished": "2023-11-08T22:27:32.659Z", "dateReserved": "2023-10-03T17:36:49.034Z", "dateUpdated": "2024-09-04T17:58:47.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3430 (GCVE-0-2022-3430)
Vulnerability from cvelistv5
Published
2023-01-23 16:11
Modified
2025-04-02 15:01
CWE
- CWE-276 - Incorrect Default Permissions
Summary
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-94952" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3430", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-02T15:01:24.152340Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-02T15:01:31.058Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable." } ], "value": "A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-23T16:11:41.102Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-94952" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\u003cbr\u003e" } ], "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\n" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2022-3430", "datePublished": "2023-01-23T16:11:41.102Z", "dateReserved": "2022-10-07T19:58:27.731Z", "dateUpdated": "2025-04-02T15:01:31.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-3453 (GCVE-0-2021-3453)
Vulnerability from cvelistv5
Published
2021-07-16 20:30
Modified
2025-07-24 03:55
CWE
- CWE-693 - Protection Mechanism Failure
Summary
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-3453", "options": [ { "Exploitation": "none" }, { "Automatable": "slow" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2021-08-15T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-24T03:55:24.958Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks Binarly efiXplorer team for reporting these issues." } ], "descriptions": [ { "lang": "en", "value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-16T20:30:17.000Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529." } ], "source": { "advisory": "LEN-65529", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-3453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Binarly efiXplorer team for reporting these issues." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-693 Protection Mechanism Failure" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-65529", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-65529" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529." } ], "source": { "advisory": "LEN-65529", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2021-3453", "datePublished": "2021-07-16T20:30:17.000Z", "dateReserved": "2021-03-19T00:00:00.000Z", "dateUpdated": "2025-07-24T03:55:24.958Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8321 (GCVE-0-2020-8321)
Vulnerability from cvelistv5
Published
2020-06-09 19:50
Modified
2024-09-17 00:35
CWE
- Arbitrary code execution
Summary
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks yngwei (@yngweijw), driedfish (@d3af1sh), and MengHao, Li of IIE VARAS" } ], "datePublic": "2020-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary code execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-09T19:50:35", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-06-09T18:00:00.000Z", "ID": "CVE-2020-8321", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks yngwei (@yngweijw), driedfish (@d3af1sh), and MengHao, Li of IIE VARAS" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Arbitrary code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30042" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042." 
} ], "source": { "advisory": "LEN-30042", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8321", "datePublished": "2020-06-09T19:50:35.401566Z", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-09-17T00:35:50.439Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-4212 (GCVE-0-2021-4212)
Vulnerability from cvelistv5
Published
2022-04-22 20:30
Modified
2024-08-03 17:16
CWE
- CWE-20 - Improper Input Validation
Summary
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.273Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "credits": [ { "lang": "en", "value": "Lenovo thanks Jiawei Yin(@yngweijw) and Menghao Li of IIE varas" } ], "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-22T20:30:44", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639." 
} ], "source": { "advisory": "LEN-77639", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-4212", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": "Lenovo thanks Jiawei Yin(@yngweijw) and Menghao Li of IIE varas" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-77639", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-77639" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-77639." 
} ], "source": { "advisory": "LEN-77639", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2021-4212", "datePublished": "2022-04-22T20:30:44", "dateReserved": "2022-01-24T00:00:00", "dateUpdated": "2024-08-03T17:16:04.273Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-6190 (GCVE-0-2019-6190)
Vulnerability from cvelistv5
Published
2020-02-14 17:10
Modified
2024-09-16 22:31
CWE
- denial of service
Summary
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:23.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-28078" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIOS", "vendor": "Lenovo", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2020-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-14T17:10:26", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-28078" } ], "solutions": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-28078." 
} ], "source": { "advisory": "LEN-28078", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-02-14T17:00:00.000Z", "ID": "CVE-2019-6190", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "denial of service" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.lenovo.com/us/en/product_security/LEN-28078", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-28078" } ] }, "solution": [ { "lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-28078." 
} ], "source": { "advisory": "LEN-28078", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2019-6190", "datePublished": "2020-02-14T17:10:26.285190Z", "dateReserved": "2019-01-11T00:00:00", "dateUpdated": "2024-09-16T22:31:10.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2016-09-22 15:59
Modified
2025-04-12 10:46
Summary
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/92661 | Third Party Advisory | |
cve@mitre.org | https://support.lenovo.com/product_security/PS500067 | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92661 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/product_security/PS500067 | Mitigation, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "61D66F0D-6C60-4CF6-A509-C6FAC2E22F95", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:thinkcentre_e93:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA9110B9-D4E6-4DEC-B0B9-DE4641117B54", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m6500t\\/s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2BD6A2B-9A26-410E-A4D0-CCCCDECB7036", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0CD688F-4889-4EC6-9664-40918E13D2AB", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m6600q:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5B844BF-DD4B-49B1-AF99-5DE7BDC3ACC1", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m6600t\\/s:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A6B017B-D84C-42E1-A1DB-2ADF40C62657", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m73p:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB7C0580-76A1-41C4-B743-96000853236B", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m800:-:*:*:*:*:*:*:*", "matchCriteriaId": "B97FE070-E06D-433B-AAC9-A2460E404B94", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m83:-:*:*:*:*:*:*:*", "matchCriteriaId": "9BB1BF39-4D09-4133-88CB-AD9E1271EFF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m8500t\\/s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DC5D34D-72DB-455E-9A01-9066BE4D3670", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m8600t\\/s:-:*:*:*:*:*:*:*", "matchCriteriaId": "01D2DD3A-4596-49DC-BCFB-440FA422B5D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m900:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADC80C43-18AF-433D-AA51-F473B8501329", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m93:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"6340A351-D5A0-46D2-BF97-412DD66BDE65", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkcentre_m93p:-:*:*:*:*:*:*:*", "matchCriteriaId": "11A2CF02-7D37-4C2A-ABB5-0F072BF7C739", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkserver_rq940:-:*:*:*:*:*:*:*", "matchCriteriaId": "D16D5E44-A7B1-4112-B881-B5AD3BAD4EEB", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkserver_rs140:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2808287-BB21-47D6-8D9B-FE0B72E24A5A", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkserver_ts140:-:*:*:*:*:*:*:*", "matchCriteriaId": "7791F37A-6A3D-4E9E-9A66-DBF2A7164A5A", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkserver_ts240:-:*:*:*:*:*:*:*", "matchCriteriaId": "05DAEF23-3EE2-4F8F-BE0D-F1981D46E387", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkserver_ts440:-:*:*:*:*:*:*:*", "matchCriteriaId": "556D6385-C00B-4FEC-A55B-4F5ECB62C6D6", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkserver_ts540:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0AA8271-D3BC-484D-9D2F-06807A8C2256", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkstation_e32:-:*:*:*:*:*:*:*", "matchCriteriaId": "5109E812-6297-4C9F-B2A1-7DBEB186D346", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkstation_p300:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDCE0A0B-C9EB-402A-B43B-6B7670E2BF73", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkstation_p310:-:*:*:*:*:*:*:*", "matchCriteriaId": "363F9A72-1401-4F5D-84F1-D018867D972D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to 
bypass the Secure Boot protection mechanism by leveraging an AMI test key." }, { "lang": "es", "value": "El BIOS para Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93 y dispositivos M93P; ThinkServer RQ940, RS140, TS140, TS240, TS440 y dispositivos TS540; y ThinkStation E32, P300 y dispositivos P310 podr\u00eda permitir a usuarios locales o atacantes f\u00edsicamente pr\u00f3ximos eludir el mecanismo de protecci\u00f3n Secure Boot mediante el aprovechamiento de una llave test AMI." } ], "id": "CVE-2016-5247", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-09-22T15:59:00.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.securityfocus.com/bid/92661" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://support.lenovo.com/product_security/PS500067" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.securityfocus.com/bid/92661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://support.lenovo.com/product_security/PS500067" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 19:29
Modified
2025-04-20 01:37
Summary
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "61D66F0D-6C60-4CF6-A509-C6FAC2E22F95", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:710s-13ikb\\/xiaoxin_air_13ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF203824-4977-4970-93FA-311FC0726DE8", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:710s-13isk\\/xiaoxin_air_13:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA559DCA-5395-4205-916B-62A94E078788", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:k21-80:-:*:*:*:*:*:*:*", "matchCriteriaId": "E56C7CE7-D4A0-4179-B65D-EA8EDA2F7299", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:k22-80\\/lenovo_v720-12:-:*:*:*:*:*:*:*", "matchCriteriaId": "6817BA2D-2383-428F-941D-BCAC7A476818", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:k41-80:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDC9595C-D1DA-4769-9401-1D2430CE69CE", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_110-14ast:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63C6054-D0EE-4AED-B829-A2F676E89D86", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_110-15ast:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E3F252A-E00B-40AA-8F02-7987D2102D4D", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_320-14ast:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BD8431A-FFF2-4519-BCC3-80A8B76CC80E", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_320-15ast:-:*:*:*:*:*:*:*", "matchCriteriaId": "21481398-B4A5-4C7F-BA4F-A52D6C13756B", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:lenovo_xiaoxin_rui7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "94BA3B3C-0E21-4877-8B0D-11E5FEF12384", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:miix_710-12ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "9BE26E1F-D6B8-4ECD-86DE-D492BBC1FE64", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:miix_720-12ikb:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "D0E7697B-53B4-4A2A-B285-0620962A0E4A", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_320-17ast:-:*:*:*:*:*:*:*", "matchCriteriaId": "719BD6FE-DB95-4096-9829-33536AD077C8", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:rescuer_e520-15ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CC1D30D-C105-4BAF-9085-7E5C8D253A23", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:v110-14iap:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAED167E-15AF-4B45-952C-113726BCFAE0", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:v110-15iap:-:*:*:*:*:*:*:*", "matchCriteriaId": "972B1468-D71C-449C-B392-4A62BA9BF835", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:v110-15ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "9423385C-5562-4578-9602-C85ED87CB530", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:v110-15isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7C41B17-C208-4A3A-BCC5-F7D4046A9249", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:yoga_710-11ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "A573B96D-E21C-4869-A6CE-FDB3926875CB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code." }, { "lang": "es", "value": "Algunos sistemas notebook de la marca Lenovo no tienen protecciones de escritura configuradas apropiadamente en el BIOS del sistema. Esto podr\u00eda permitir a un atacante con acceso f\u00edsico o administrativo a un sistema para ser capaz de flashear el BIOS con una imagen arbitraria y potencialmente ejecutar c\u00f3digo BIOS malicioso." 
} ], "id": "CVE-2017-3754", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T19:29:00.323", "references": [ { "source": "psirt@lenovo.com", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-15084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-15084" } ], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-11-29 20:59
Modified
2025-04-12 10:46
Severity ?
4.4 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "61D66F0D-6C60-4CF6-A509-C6FAC2E22F95", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_110_14ibr_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "F95D809E-23E0-4887-826D-F3078B3C9ACF", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_110_15ibr_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "647044E0-5561-4C2C-9CA7-6C3CFBC5601B", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_b70_80_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "50FCCB25-38AE-4D4E-9A2C-8F1F071ED246", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_e31_80_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C30497A-245A-42E5-AC9F-C853EFE0E13C", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_e40_80_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6119EA0-4B8A-4E66-99E3-22FFB75C1F6D", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_e41_80_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "31EC5648-5CD3-47A5-8258-4384B2CD8B3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_e51_80_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "676B6906-60E9-41A1-A85A-D08EFE5DCE8A", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_g40_80_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "1648A659-67C5-4387-B74B-7194FF212C47", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_g50_80_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB179FE4-7FD2-45E0-8141-923ED46E1AC3", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_g50_80_touch_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "61E6087F-0E54-4411-838A-1AF443D0684F", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_ideapad_300_14ibr_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FAC9552-F856-4C7A-BD0D-8391D31DC74C", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_ideapad_300_14isk_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"546DAD7B-58D6-4E33-8639-4B54C88421EC", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_ideapad_300_15ibr_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEC25079-36F5-4312-8F9D-AE895C86DF64", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_ideapad_300_15isk_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C1B0078-6F39-4093-914F-C5154292AC5F", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_ideapad_300_17isk_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "5927B8CC-9D5E-4AED-B40A-604B50596C4B", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_ideapad_510s_12isk_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "B03AAC7F-CF2E-46BF-90F7-B9ED040AEF56", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_k21_80_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "79E603B0-C0C1-44CC-ADB2-F8F5805CE455", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_k41_80_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B1F5A20-2E32-4211-8946-5F8E4713726D", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_miix_710_12ikb_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "DED6589D-4A77-4A8F-8762-183739D8DA25", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_xiaoxin_air_12_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD7EB8FF-205C-47D7-BCE4-72576CCF0202", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_yoga_510_14isk_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "46265B64-69F5-470C-A7D1-72620B42CF4C", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_yoga_510_15isk_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "39FC8894-2619-4BB5-8B1E-CBA7134045EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_yoga_710_11ikb_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "77E0BD48-00CA-4FA7-A622-750727BC8D24", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_yoga_710_11isk_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "01C6DF33-6F13-4A40-AFBA-98D36CB7BE70", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:lenovo:notebook_yoga_900_13isk_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "6118B0D3-F6EB-42B9-8C82-85ECF5B41B94", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:notebook_yoga_900s_12isk_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0FBA5BE-CAA5-490D-9711-EE0B8E3D0305", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:thinkserver_ts150_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "26622047-8020-4512-BC20-9C4B26C41E20", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:thinkserver_ts450_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "625A809C-6816-44B2-AAD8-5113CEC4DE50", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:notebook_110_14ibr:-:*:*:*:*:*:*:*", "matchCriteriaId": "41B2983E-CAF9-4E6E-A4D4-F79AEF94CB84", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_110_15ibr:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C896D60-612E-461D-A3C2-B3459EB0E238", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_b70_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2E0AA9B-81C3-4D6C-88D0-65970C5682A8", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_e31_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F834881-401E-4E32-99C8-00D6843330F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_e40_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A4CA14A-A647-4B07-923F-AD7C12681B4D", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_e41_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "204534AC-7376-4466-B598-3A25AB4AA377", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_e51_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBF9B47C-D285-4E5A-AD07-A40C2AA5FECF", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_g40_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D65DC1E-0491-4963-9462-5EAC25CD2830", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_g50_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "D612750E-8B26-4148-AE1E-8A149A959297", "vulnerable": 
false }, { "criteria": "cpe:2.3:h:lenovo:notebook_g50_80_touch:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBDA89B6-39CF-4198-9857-718DF5BA5847", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_ideapad_300_14ibr:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2991E19-F9B2-4AFD-94A9-326BC43234A5", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_ideapad_300_14isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CD27C15-9EED-4532-AD0A-CC4FC943FF8C", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_ideapad_300_15ibr:-:*:*:*:*:*:*:*", "matchCriteriaId": "D30B00BC-5F48-4BB1-9DD9-311A0BFE91A2", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_ideapad_300_15isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD912317-0247-4BD0-BC69-69FE0B1B1195", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_ideapad_300_17isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E935C4C-2C5F-4D5A-A212-79267C02B7E1", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_ideapad_510s_12isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "470CEC61-3CA0-4821-8B32-2B41C5E832DB", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_k21_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DD41CA0-862C-44ED-A865-3D9626B1B1C0", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_k41_80:-:*:*:*:*:*:*:*", "matchCriteriaId": "97FF7810-3A0A-436A-A88E-1ECFB61C0890", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_miix_710_12ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "73B2E2E2-A7DF-486C-B5B9-8D04CEC38AC5", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_xiaoxin_air_12:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FB2BCC5-30DD-4C2D-8291-2982D2E4F382", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_yoga_510_14isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B2887E6-82C6-4456-A3BF-E10CFFF4CE89", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_yoga_510_15isk:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"D86ECF6E-2A92-470E-8D9A-5EEFA24AA944", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_yoga_710_11ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D1BC063-90B1-4737-A77C-376BF26E4D97", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_yoga_710_11isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A363290-2FA0-4C73-A221-BA5EA342A667", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_yoga_900_13isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C817782-1F17-449C-9678-3EFB85AB8B7D", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:notebook_yoga_900s_12isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "E57E495B-36C1-4910-80EE-90665E0ABF0F", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkserver_ts150:-:*:*:*:*:*:*:*", "matchCriteriaId": "41D3E3E1-5ED3-45F0-B823-190A8A1119C9", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkserver_ts450:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A85E220-538C-4F31-9469-3B8069F1D1DB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system." }, { "lang": "es", "value": "Una vulnerabilidad ha sido identificada en algunos sistemas Lenovo Notebook y ThinkServer donde un atacante con privilegios administrativos en un sistema podr\u00eda instalar un programa que evita protecciones Intel Management Engine (ME). Esto podr\u00eda resultar en una denegaci\u00f3n de servicio o ataque de escalamiento de privilegios en el sistema." 
} ], "id": "CVE-2016-8224", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 4.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.1, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-11-29T20:59:02.437", "references": [ { "source": "psirt@lenovo.com", "url": "http://www.securityfocus.com/bid/94595" }, { "source": "psirt@lenovo.com", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/us/en/solutions/LEN_9903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/us/en/solutions/LEN_9903" } ], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2021-3452)
Published
2021-07-16 21:15
Modified
2024-11-21 06:21
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "61D66F0D-6C60-4CF6-A509-C6FAC2E22F95", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:lenovo:thinkpad_11e_3rd_gen:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6C40A89-6683-4146-A5C2-46E253E33664", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_11e_4th_gen:-:*:*:*:*:*:*:*", "matchCriteriaId": "3364758F-CBFC-47DD-98E2-12770869EE0D", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_11e_5th_gen:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D46E4CE-05BB-498B-98C1-C641430AE0FB", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_11e_yoga_gen_6:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AA392C0-4D5A-4440-8910-C248F17077CC", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_13_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "59C2F35D-79A1-4671-BA7E-4AAF2BA13744", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_e14_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC416997-C5A5-4AAA-B998-7F27B2AB2D0C", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_e15_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "94DAF479-1162-440D-95DC-A4F94C143EB1", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l13:-:*:*:*:*:*:*:*", "matchCriteriaId": "99429424-2602-458B-BB57-C2E161005587", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l13_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E560943-6A00-4423-91F3-FBBBBB978F6B", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l13_yoga:-:*:*:*:*:*:*:*", "matchCriteriaId": "1295E4F8-431A-43ED-8104-DBBD0CDB1978", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l13_yogo_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "14789824-42A5-4944-B2BE-663456450249", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l14:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"724B10DF-7AA6-4541-A1F4-388E7BEB2319", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l14_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CE86BB2-232D-4DD9-9630-EA6517C64EB1", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l15:-:*:*:*:*:*:*:*", "matchCriteriaId": "65290880-A7DF-4350-8BBB-8175811EC15E", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l15_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "77DDB8D3-F2BD-42AB-B927-D38FB54EE902", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l380:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0FFC7C4-2CAF-440A-8ED8-F25EA19F86C1", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l380_yoga:-:*:*:*:*:*:*:*", "matchCriteriaId": "2187E37E-E3D6-467A-934C-D5613FBF8641", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l390:-:*:*:*:*:*:*:*", "matchCriteriaId": "072FAC2E-2349-465C-96C0-C24E3891A7B3", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_l390_yoga:-:*:*:*:*:*:*:*", "matchCriteriaId": "17DD928B-F0BF-44F1-9EA4-DC82233A2E69", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_t460:-:*:*:*:*:*:*:*", "matchCriteriaId": "D86FD3AD-D731-4C30-8A72-EC1A45B203F0", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_x12_detachable_gen_1:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2439F63-731F-47A4-B625-B3520ECDA0B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:*", "matchCriteriaId": "08393A13-D68E-4042-B223-EF80E581EEBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5E1704F-6BB6-4B7C-ADE6-720533FB46E4", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_3rd_gen:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8D4BE6-6E87-4892-9E16-2799D0E0CA21", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_4th_gen:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"24977327-E104-4F51-8CF1-6EF1FEAED9F8", "vulnerable": false }, { "criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_370:-:*:*:*:*:*:*:*", "matchCriteriaId": "30B0E5C1-5A7B-4310-A4D3-A12E1F059568", "vulnerable": false }, { "criteria": "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "61D66F0D-6C60-4CF6-A509-C6FAC2E22F95", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code." }, { "lang": "es", "value": "Una potencial vulnerabilidad en la funci\u00f3n shutdown SMI callback del sistema en algunos modelos ThinkPad, puede permitir a un atacante con acceso local y privilegios elevados ejecutar c\u00f3digo arbitrario" } ], "id": "CVE-2021-3452", "lastModified": "2024-11-21T06:21:34.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": 
"psirt@lenovo.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-16T21:15:10.607", "references": [ { "source": "psirt@lenovo.com", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529" } ], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "psirt@lenovo.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }