Lenovo Thinkpad X260 Firmware vulnerabilities

9 known vulnerabilities affecting lenovo/thinkpad_x260_firmware.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM7LOW1

Vulnerabilities

Page 1 of 1
CVE-2022-4575MEDIUMCVSS 6.7fixed in 1.502023-10-30
CVE-2022-4575 [MEDIUM] CWE-276 CVE-2022-4575: A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
nvd
CVE-2019-19705HIGHCVSS 7.8fixed in 6.0.8924.12022-12-26
CVE-2019-19705 [HIGH] CWE-428 CVE-2019-19705: Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20 Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.
nvd
CVE-2021-3786MEDIUMCVSS 5.5fixed in 2021-10-312021-11-12
CVE-2021-3786 [MEDIUM] CWE-20 CVE-2021-3786: A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Not A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.
nvd
CVE-2021-3599MEDIUMCVSS 6.7fixed in 2021-10-312021-11-12
CVE-2021-3599 [MEDIUM] CWE-20 CVE-2021-3599: A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
nvd
CVE-2021-3718MEDIUMCVSS 4.6≤ 1.47\/1.152021-11-12
CVE-2021-3718 [MEDIUM] CWE-232 CVE-2021-3718: A denial of service vulnerability was reported in some ThinkPad models that could cause a system to A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
nvd
CVE-2021-3843MEDIUMCVSS 6.7≤ 1.47\/1.152021-11-12
CVE-2021-3843 [MEDIUM] CWE-20 CVE-2021-3843: A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
nvd
CVE-2020-8320MEDIUMCVSS 6.8fixed in 2020-07-102020-06-09
CVE-2020-8320 [MEDIUM] CWE-489 CVE-2020-8320: An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
nvd
CVE-2020-8323MEDIUMCVSS 6.7fixed in 2020-07-102020-06-09
CVE-2020-8323 [MEDIUM] CVE-2020-8323: A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo T A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
nvd
CVE-2019-6156LOWCVSS 3.3fixed in r02et70w2019-04-10
CVE-2019-6156 [LOW] CWE-667 CVE-2019-6156: In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this prov In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not i
nvd