Lenovo ThinkPad BIOS vulnerabilities
10 known vulnerabilities affecting lenovo/thinkpad_bios.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 10
Vulnerabilities

CVE-2023-5078 | MEDIUM | CVSS 6.7 | versions: various | 2023-11-08
CWE-1419
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
Sources: cvelistv5, nvd

CVE-2022-4575 | MEDIUM | CVSS 6.7 | versions: various | 2023-10-30
CWE-276
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.
Sources: cvelistv5, nvd

CVE-2022-4574 | MEDIUM | CVSS 6.7 | versions: various | 2023-10-30
CWE-20
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
Sources: cvelistv5, nvd

CVE-2022-48189 | MEDIUM | CVSS 6.7 | versions: various | 2023-10-30
CWE-20
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
Sources: cvelistv5, nvd

CVE-2022-1108 | MEDIUM | CVSS 6.7 | versions: various | 2022-04-22
CWE-20
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in ThinkPad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.
Sources: cvelistv5, nvd

CVE-2022-1107 | MEDIUM | CVSS 6.7 | versions: various | 2022-04-22
CWE-20
During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow for execution of code.
Sources: cvelistv5, nvd

CVE-2021-3599 | MEDIUM | CVSS 6.7 | versions: various | 2021-11-12
CWE-20
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Sources: cvelistv5, nvd

CVE-2021-3718 | MEDIUM | CVSS 4.6 | versions: various | 2021-11-12
CWE-232
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
Sources: cvelistv5, nvd

CVE-2021-3843 | MEDIUM | CVSS 6.7 | versions: various | 2021-11-12
CWE-20
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Sources: cvelistv5, nvd

CVE-2021-3452 | MEDIUM | CVSS 6.7 | versions: various | 2021-07-16
CWE-20
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Sources: cvelistv5, nvd