A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HLenovo Thinkpad 11e 3rd Gen
HWLenovowszystkie wersjeLenovo Thinkpad 11e 3rd Gen Firmware
OSLenovo≤ 1.22≤ 1.29Lenovo Thinkpad 11e 4th Gen Celeron
HWLenovowszystkie wersjeLenovo Thinkpad 11e 4th Gen Celeron Firmware
OSLenovo≤ 1.27Lenovo Thinkpad 11e 4th Gen I3
HWLenovowszystkie wersjeLenovo Thinkpad 11e 4th Gen I3 Firmware
OSLenovo≤ 1.22Lenovo Thinkpad 11e 4th Gen I5
HWLenovowszystkie wersjeLenovo Thinkpad 11e 4th Gen I5 Firmware
OSLenovo≤ 1.22Lenovo Thinkpad 11e 4th Gen I7
HWLenovowszystkie wersjeLenovo Thinkpad 11e 4th Gen I7 Firmware
OSLenovo≤ 1.22Lenovo Thinkpad 11e 5th Gen
HWLenovowszystkie wersjeLenovo Thinkpad 11e 5th Gen Firmware
OSLenovo≤ 1.13Lenovo Thinkpad 11e Yoga Gen 6
HWLenovowszystkie wersjeLenovo Thinkpad 11e Yoga Gen 6 Firmware
OSLenovo≤ 1.12Lenovo Thinkpad 13 Gen 2
HWLenovowszystkie wersjeLenovo Thinkpad 13 Gen 2 Firmware
OSLenovo≤ 1.29Lenovo Thinkpad L13
HWLenovowszystkie wersjeLenovo Thinkpad L13 Firmware
OSLenovo≤ 1.31Lenovo Thinkpad L13 Gen 2
HWLenovowszystkie wersjeLenovo Thinkpad L13 Gen 2 Firmware
OSLenovo≤ 1.11≤ 1.08Lenovo Thinkpad L13 Yoga
HWLenovowszystkie wersjeLenovo Thinkpad L13 Yoga Firmware
OSLenovo≤ 1.31Lenovo Thinkpad L13 Yoga Gen 2
HWLenovowszystkie wersjeLenovo Thinkpad L13 Yoga Gen 2 Firmware
OSLenovo≤ 1.08≤ 1.11Lenovo Thinkpad L14
HWLenovowszystkie wersjeLenovo Thinkpad L14 Firmware
OSLenovo< 1.20.1.17Lenovo Thinkpad L14 Gen 1
HWLenovowszystkie wersjeLenovo Thinkpad L14 Gen 1 Firmware
OSLenovo< 1.15Lenovo Thinkpad L15
HWLenovowszystkie wersjeLenovo Thinkpad L15 Firmware
OSLenovo< 1.20.1.17
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
Related vulnerabilities
CVE-2017-3767HIGH7.8ten sam produkt
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1....
CVE-2023-5078MEDIUM6.7ten sam produkt
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated...
CVE-2022-4574MEDIUM6.7ten sam produkt
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker wit...
CVE-2022-4573MEDIUM6.7ten sam produkt
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with loca...
CVE-2022-4575MEDIUM6.7ten sam produkt
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad ...