Lenovo Bios vulnerabilities
34 known vulnerabilities affecting lenovo/bios.
Total CVEs
34
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH7MEDIUM25LOW2
Vulnerabilities
Page 2 of 2
CVE-2020-8354MEDIUMCVSS 6.7≥ unspecified, < various2020-11-11
CVE-2020-8354 [MEDIUM] CWE-367 CVE-2020-8354: A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
cvelistv5nvd
CVE-2020-8352LOWCVSS 2.4≥ unspecified, < various2020-11-11
CVE-2020-8352 [LOW] CWE-358 CVE-2020-8352: In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
cvelistv5nvd
CVE-2020-8333HIGHCVSS 7.8vvarious2020-09-24
CVE-2020-8333 [HIGH] CVE-2020-8333: A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desk
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution
cvelistv5nvd
CVE-2020-0528HIGHCVSS 7.8vSee provided reference2020-06-15
CVE-2020-0528 [HIGH] CVE-2020-0528: Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated us
Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
cvelistv5
CVE-2020-0529HIGHCVSS 7.8vSee provided reference2020-06-15
CVE-2020-0529 [HIGH] CVE-2020-0529: Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to po
Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.
cvelistv5
CVE-2020-8321MEDIUMCVSS 6.7vvarious2020-06-09
CVE-2020-8321 [MEDIUM] CVE-2020-8321: A potential vulnerability in the SMI callback function used in the System Lock Preinstallation drive
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
cvelistv5nvd
CVE-2020-8334MEDIUMCVSS 6.8vvarious2020-06-09
CVE-2020-8334 [MEDIUM] CWE-754 CVE-2020-8334: The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A2
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.
cvelistv5nvd
CVE-2020-8320MEDIUMCVSS 6.8vvarious2020-06-09
CVE-2020-8320 [MEDIUM] CWE-489 CVE-2020-8320: An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
cvelistv5nvd
CVE-2020-8322MEDIUMCVSS 6.7vvarious2020-06-09
CVE-2020-8322 [MEDIUM] CVE-2020-8322: A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
cvelistv5nvd
CVE-2020-8336MEDIUMCVSS 6.8vvarious2020-06-09
CVE-2020-8336 [MEDIUM] CVE-2020-8336: Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.
cvelistv5nvd
CVE-2020-8323MEDIUMCVSS 6.7vvarious2020-06-09
CVE-2020-8323 [MEDIUM] CVE-2020-8323: A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo T
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
cvelistv5nvd
CVE-2019-6190MEDIUMCVSS 5.5vvarious2020-02-14
CVE-2019-6190 [MEDIUM] CWE-665 CVE-2019-6190: Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BI
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.
cvelistv5nvd
CVE-2019-6171MEDIUMCVSS 6.8vvarious2019-08-19
CVE-2019-6171 [MEDIUM] CVE-2019-6171: A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a u
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
cvelistv5nvd
CVE-2019-6156LOWCVSS 3.3vvarious2019-04-10
CVE-2019-6156 [LOW] CWE-667 CVE-2019-6156: In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this prov
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not i
cvelistv5nvd
← Previous2 / 2