CVE-2025-10238

During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode SMM...

CVE-2026-0940

CVE-2026-0940 concerns an improper initialization vulnerability in the BIOS of some ThinkPads. It could let a local privileged user modify data and execute arbitrary code. Affected software/hardware: ThinkPad BIOS firmware (on affected ThinkPad models). Root cause: improper initialization. Impact...

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVE-2026-0421

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode...

CVE-2026-0421

CVE-2026-0421 involves Lenovo ThinkPad BIOS where Secure Boot can be turned off even when the BIOS reports it as On, specifically on systems with Secure Boot configured to User Mode. Affected models include ThinkPad L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2. The issue is described as ...

EUVD-2022-50900

Malicious code in bioql PyPI...

CVE-2023-5078

A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware...

CVE-2022-4574

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...

CVE-2023-5078

A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware...

Lenovo ThinkPad BIOS Security Vulnerability

Lenovo ThinkPad BIOS is a program for booting the system of a laptop from the Chinese company Lenovo Lenovo. A security vulnerability exists in Lenovo ThinkPad BIOS. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the manufacturer's announcement...

CVE-2022-4575

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot...

PT-2023-14742 · Lenovo · Thinkpad

Name of the Vulnerable Software and Affected Versions: ThinkPad affected versions not specified Description: A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models. This could allow an attacker with physical or local access and elevated...

Multi-vendor BIOS Security Vulnerabilities (October 2023) - Lenovo Support US

No description provided...

CVE-2022-48181

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code...

The vulnerability of the LenovoFlashDeviceInterface interface in the System Management Interrupt (SMI) handling of the BIOS of ThinkPad notebook software allows a attacker to execute arbitrary code with elevated privileges.

The vulnerability of the LenovoFlashDeviceInterface interface in the System Management Interrupt SMI handling of BIOS microprogramming systems in ThinkPad laptops is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows an attacker to execute...

Lenovo ThinkPad 缓冲区错误漏洞

Lenovo ThinkPad is a portable computer from Lenovo, a Chinese company. The Lenovo ThinkPad BIOS suffers from a buffer error vulnerability that originates from a boundary error in the LenovoFlashDeviceInterface within the SMI handler. A local attacker could run a specially crafted program to trigg...

ThinkPad BIOS Vulnerabilities - Lenovo Support US

No description provided...

CVE-2020-8320

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege...

CVE-2020-8320

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege...

Security feature bypass

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode SMM services. This could lead to a denial of service attack or allow certain BIOS variables or...