Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40134 | 1 Lenovo | 650 Ideacentre 3-07ada05, Ideacentre 3-07ada05 Firmware, Ideacentre 3-07imb05 and 647 more | 2023-02-08 | N/A | 4.4 MEDIUM |
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | |||||
CVE-2021-3786 | 1 Lenovo | 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more | 2021-11-26 | 2.1 LOW | 5.5 MEDIUM |
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. | |||||
CVE-2021-3599 | 1 Lenovo | 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more | 2021-11-24 | 7.2 HIGH | 6.7 MEDIUM |
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | |||||
CVE-2020-8336 | 1 Lenovo | 76 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E15 and 73 more | 2020-06-22 | 4.6 MEDIUM | 6.8 MEDIUM |
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. | |||||
CVE-2020-8323 | 1 Lenovo | 344 14iwl, 14iwl Firmware, 330-14ast and 341 more | 2020-06-22 | 4.6 MEDIUM | 6.7 MEDIUM |
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. | |||||
CVE-2020-8320 | 1 Lenovo | 200 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga Gen 6 and 197 more | 2020-06-17 | 4.6 MEDIUM | 6.8 MEDIUM |
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. |