Lenovo Bios
36 CVEs affecting Lenovo Bios. Latest disclosed: 2024-04-05. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-5247 | High | 7.8 | 2016-09-22 | The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS… |
CVE-2021-3453 | Medium | 6.8 | 2021-07-16 | Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access… |
CVE-2019-6171 | Medium | 6.8 | 2019-08-19 | A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the a… |
CVE-2023-25493 | Medium | 6.7 | 2024-04-05 | A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a… |
CVE-2023-45079 | Medium | 6.7 | 2023-11-08 | A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. |
CVE-2023-45078 | Medium | 6.7 | 2023-11-08 | A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM var… |
CVE-2023-45077 | Medium | 6.7 | 2023-11-08 | A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. |
CVE-2023-45076 | Medium | 6.7 | 2023-11-08 | A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. |
CVE-2023-45075 | Medium | 6.7 | 2023-11-08 | A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. |
CVE-2022-3431 | Medium | 6.7 | 2023-10-09 | A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow… |
CVE-2022-40137 | Medium | 6.7 | 2023-01-30 | A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. |
CVE-2022-3432 | Medium | 6.7 | 2023-01-26 | A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker wit… |
CVE-2022-1892 | Medium | 6.7 | 2023-01-26 | A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
CVE-2022-1891 | Medium | 6.7 | 2023-01-26 | A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
CVE-2022-1890 | Medium | 6.7 | 2023-01-26 | A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. |
CVE-2022-3430 | Medium | 6.7 | 2023-01-23 | A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot… |
CVE-2021-4212 | Medium | 6.7 | 2022-04-22 | A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local acce… |
CVE-2021-4211 | Medium | 6.7 | 2022-04-22 | A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow… |
CVE-2021-4210 | Medium | 6.7 | 2022-04-22 | A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker… |
CVE-2021-3452 | Medium | 6.7 | 2021-07-16 | A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges… |