CVE-2022-3744

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential...

CVE-2023-20578

A TOCTOU Time-Of-Check-Time-Of-Use in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution...

CVE-2023-20578

CVE-2023-20578 describes a TOCTOU in SMM that could allow a ring-0 attacker with BIOS menu/UEFI shell access to modify a communications buffer and potentially execute arbitrary code. Connected documents confirm this vulnerability in the AMD Secure Processor (ASP) / Platform Initialization (PI) co...

[SECURITY] [DSA 5461-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5461-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 30, 2023 https://www.debian.org/security/faq -...

System firmware Can Be Erased or Corrupted After Boot - Lenovo Support US

No description provided...

System x Secure Boot Vulnerability - Lenovo Support US

No description provided...

Intel ME 6.x/7.x/8.x/9.x/10.x./11.x, SPS 4.0, and TXE 3.0 Cumulative Security Update - US

Lenovo Security Advisory: LEN-17297 Potential Impact: An attacker could load and execute arbitrary code outside the visibility of the user, operating system, and hypervisor/virtualization platform; resulting in exfiltration of secrets, subtle manipulation of system operation, or denial of service...

Intel ME 6.x/7.x/8.x/9.x/10.x./11.x, SPS 4.0, and TXE 3.0 Cumulative Security Update - Lenovo Support US

No description provided...

Lenovo Patches Arbitrary Code Execution Flaw

Lenovo issued a pair of security advisories on Friday for its popular ThinkPad line and System x servers. One bug is tied to an authentication flaw in the Secure Boot process; and the other to a vulnerability that would allow for arbitrary code execution. The company’s internal testing team...

CVE-2017-3775

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...

CVE-2017-3775

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code...

Design/Logic Flaw

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process...

CVE-2017-3771

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process...

CVE-2017-3771

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process...

Secure BIOS/UEFI Set-up Incomplete in Lenovo E95 and ThinkCentre M710s/M710t - Lenovo Support US

No description provided...

Millions of PCs Affected by Mysterious Computrace Backdoor

UPDATE: A previous version of this story incorrectly stated that Anibal Sacco works for Core Security. Sacco left Core Security last year to start Cubica Labs. LAS VEGAS – Nearly every PC has an anti-theft product called Computrace embedded in its BIOS PCI Optional ROM or its unified extensible...