An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HLenovo Thinkpad E14
HWLenovowszystkie wersjeLenovo Thinkpad E14 Firmware
OSLenovo< 1.23Lenovo Thinkpad E14 Gen 2
HWLenovowszystkie wersjeLenovo Thinkpad E14 Gen 2 Firmware
OSLenovo< 1.55Lenovo Thinkpad E14 Gen 4
HWLenovowszystkie wersjeLenovo Thinkpad E14 Gen 4 Firmware
OSLenovo< 1.18< 1.16Lenovo Thinkpad E15
HWLenovowszystkie wersjeLenovo Thinkpad E15 Firmware
OSLenovo< 1.23Lenovo Thinkpad E15 Gen 2
HWLenovowszystkie wersjeLenovo Thinkpad E15 Gen 2 Firmware
OSLenovo< 1.55Lenovo Thinkpad E15 Gen 4
HWLenovowszystkie wersjeLenovo Thinkpad E15 Gen 4 Firmware
OSLenovo< 1.18< 1.16Lenovo Thinkpad E490
HWLenovowszystkie wersjeLenovo Thinkpad E490 Firmware
OSLenovo< 1.34Lenovo Thinkpad E490s
HWLenovowszystkie wersjeLenovo Thinkpad E490s Firmware
OSLenovo< 1.34Lenovo Thinkpad E590
HWLenovowszystkie wersjeLenovo Thinkpad E590 Firmware
OSLenovo< 1.34Lenovo Thinkpad L13 Gen 3
HWLenovowszystkie wersjeLenovo Thinkpad L13 Gen 3 Firmware
OSLenovo< 1.14Lenovo Thinkpad L13 Yoga Gen 3
HWLenovowszystkie wersjeLenovo Thinkpad L13 Yoga Gen 3 Firmware
OSLenovo< 1.14Lenovo Thinkpad L14
HWLenovowszystkie wersjeLenovo Thinkpad L14 Firmware
OSLenovo< 1.2< 1.3< 1.26Lenovo Thinkpad L15
HWLenovowszystkie wersjeLenovo Thinkpad L15 Firmware
OSLenovo< 1.2< 1.3Lenovo Thinkpad L15 Gen 2
HWLenovowszystkie wersjeLenovo Thinkpad L15 Gen 2 Firmware
OSLenovowszystkie wersjeLenovo Thinkpad L15 Gen 3
HWLenovowszystkie wersjeLenovo Thinkpad L15 Gen 3 Firmware
OSLenovo< 1.26
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
Related vulnerabilities
CVE-2023-3112HIGH7.8ten sam produkt
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an a...
CVE-2023-4030HIGH8.4ten sam produkt
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could ...
CVE-2019-18619HIGH7.8ten sam produkt
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all ver...
CVE-2023-5078MEDIUM6.7ten sam produkt
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated...
CVE-2022-4574MEDIUM6.7ten sam produkt
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker wit...