Lenovo Security Advisory: LEN-24238
Potential Impact: Information disclosure, code execution
Scope of Impact: Industry-wide
AMI has reported to Lenovo that the System Management Mode (SMM) module was not properly validating buffers in the BIOS supplied by AMI. Exploitation of this vulnerability could allow an attacker to read or modify SMRAM.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to the version of BIOS (or later) described for your system in the product impact section.