CVE-2022-3743

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller EC commands...

CVE-2022-3746

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller EC interface...

Design/Logic Flaw

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller EC interface...

CVE-2022-3746

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller EC interface...

CVE-2022-3746

Summary of vulnerability (CVE-2022-3746) : The issue affects Lenovo consumer notebook models using LCFC BIOS, where an exposed Embedded Controller (EC) interface can be leveraged by a local attacker with elevated privileges to cause certain peripherals to behave abnormally. The available sources ...

CVE-2022-3743

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller EC commands...

CVE-2022-3743

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller EC commands...

Lenovo Notebook 信息泄露漏洞

Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo notebook suffers from an information disclosure vulnerability that stems from a security issue in the LCFC BIOS that allows a local attacker with elevated privileges to enumerate Embedded Controller EC commands under...

Lenovo Notebook 访问控制错误漏洞

Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo notebook suffers from an Access Control Error vulnerability that stems from the exposure of the Embedded Controller EC interface in the LCFC BIOS, which causes certain peripheral devices to work abnormally...

PT-2023-13541 · Lenovo · Lcfc Bios

Name of the Vulnerable Software and Affected Versions: LCFC BIOS affected versions not specified Description: A potential issue was discovered in LCFC BIOS for some Lenovo consumer notebook models. This could allow a local attacker with elevated privileges to cause some peripherals to work...

CVE-2022-42455

ASUS EC Tool driver aka d.sys 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local user...

CVE-2021-0060

Insufficient compartmentalization in HECI subsystem for the IntelR SPS before versions SPSE504.01.04.516.0, SPSE504.04.04.033.0, SPSE504.04.03.281.0, SPSE503.01.03.116.0, SPSE305.01.04.309.0, SPS02.04.00.101.0, SPSSoC-A05.00.03.114.0, SPSSoC-X04.00.04.326.0, SPSSoC-X03.00.03.117.0,...

CVE-2019-6171

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware...

Design/Logic Flaw

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware...

CVE-2019-6171

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware...

Multiple Lenovo Products Privilege License and Access Control Issues Vulnerabilities

The Lenovo ThinkPad 10 20E3 and others are products of Lenovo, a Chinese company.The Lenovo ThinkPad 10 20E3 is a tablet PC.The ThinkPad 10 20E4 is a tablet PC.The ThinkPad 13 KBL 20J1 is a laptop PC. A privilege permission and access control issue vulnerability exists in systems in multiple Leno...

Embedded Controller Update Vulnerability - US

Lenovo Security Advisory: LEN-27764 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6171 Summary Description: A vulnerability was reported in older ThinkPad systems that could allow a user with administrative privileges or physical...

CVE-2018-12147

Insufficient input validation in HECI subsystem in IntelR CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access...

The vulnerability of the HECI subsystem of the microprogramming software for Intel Server Platform Services allows a perpetrator to cause a service failure.

The vulnerability of the HECI subsystem of the microprogramming software for Intel Server Platform Services SPS is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to cause service failures...

Intel Server Platform Services Input Validation Error Vulnerability

Intel Server Platform Services SPS is a server platform services program from Intel Corporation in the U.S. The HECI subsystem is one of the host embedded controller interface subsystems. An input validation error vulnerability exists in Intel Server Platform Services that stems from the program...