21 matches found
CVE-2026-0940
CVE-2026-0940 concerns an improper initialization vulnerability in the BIOS of some ThinkPads. It could let a local privileged user modify data and execute arbitrary code. Affected software/hardware: ThinkPad BIOS firmware (on affected ThinkPad models). Root cause: improper initialization. Impact...
CVE-2026-0940
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...
CVE-2026-0421
A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode...
CVE-2026-0421
CVE-2026-0421 involves Lenovo ThinkPad BIOS where Secure Boot can be turned off even when the BIOS reports it as On, specifically on systems with Secure Boot configured to User Mode. Affected models include ThinkPad L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2. The issue is described as ...
EUVD-2022-50900
Malicious code in bioql PyPI...
CVE-2023-5078
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware...
CVE-2022-4574
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2023-5078
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware...
Lenovo ThinkPad BIOS Security Vulnerability
Lenovo ThinkPad BIOS is a program for booting the system of a laptop from the Chinese company Lenovo. A security vulnerability exists in Lenovo ThinkPad BIOS. No information about this vulnerability is available at this time; please stay tuned to CNNVD or the manufacturer's announcement...
CVE-2022-4575
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot...
PT-2023-14742 · Lenovo · Thinkpad
Name of the Vulnerable Software and Affected Versions: ThinkPad (affected versions not specified). Description: A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models. This could allow an attacker with physical or local access and elevated...
Multi-vendor BIOS Security Vulnerabilities (October 2023) - Lenovo Support US
No description provided...
CVE-2022-48181
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code...
Lenovo ThinkPad Buffer Error Vulnerability
Lenovo ThinkPad is a portable computer from Lenovo, a Chinese company. The Lenovo ThinkPad BIOS suffers from a buffer error vulnerability that originates from a boundary error in the LenovoFlashDeviceInterface within the SMI handler. A local attacker could run a specially crafted program to trigg...
ThinkPad BIOS Vulnerabilities - Lenovo Support US
No description provided...
CVE-2020-8320
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege...
CVE-2020-8320
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege...
Security feature bypass
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or...
Accessing data on Self-Encrypting drives while a system is in sleep state
Lenovo Security Advisory: LEN-2910. Potential Impact: Physical access of encrypted data. Severity: Informational. Summary: At the BlackHat Europe 2015 conference, KPMG disclosed an industry-wide vulnerability affecting hard disk drives that employ hardware-based Full Disk Encryption (FDE). These drive...
Accessing data on Self-Encrypting drives while a system is in sleep state - Lenovo Support US
No description provided...