2021-11-12
|
CVE-2021-3599
|
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
|
Ideapad_s940\-14iwl_firmware, Ideapad_yoga_s940\-14iwl_firmware, Thinkpad_10_firmware, Thinkpad_11e_3rd_gen_firmware, Thinkpad_11e_4th_gen_firmware, Thinkpad_11e_yoga_gen_6_firmware, Thinkpad_13_gen_2_firmware, Thinkpad_25_firmware, Thinkpad_e14_firmware, Thinkpad_e14_gen_2_firmware, Thinkpad_e14_gen_3_firmware, Thinkpad_e15_firmware, Thinkpad_e15_gen_2_firmware, Thinkpad_e15_gen_3_firmware, Thinkpad_e470_firmware, Thinkpad_e480_firmware, Thinkpad_e490_firmware, Thinkpad_e570_firmware, Thinkpad_e580_firmware, Thinkpad_e590_firmware, Thinkpad_helix_firmware, Thinkpad_l13_firmware, Thinkpad_l13_gen_2_firmware, Thinkpad_l13_yoga_firmware, Thinkpad_l13_yoga_gen_2_firmware, Thinkpad_l14_firmware, Thinkpad_l15_firmware, Thinkpad_l15_gen_2_firmware, Thinkpad_l380_firmware, Thinkpad_l380_yoga_firmware, Thinkpad_l390_firmware, Thinkpad_l390_yoga_firmware, Thinkpad_l460_firmware, Thinkpad_l470_firmware, Thinkpad_l480_firmware, Thinkpad_l490_firmware, Thinkpad_l560_firmware, Thinkpad_l570_firmware, Thinkpad_l580_firmware, Thinkpad_l590_firmware, Thinkpad_p14s_gen_1_firmware, Thinkpad_p14s_gen_2_firmware, Thinkpad_p15_gen_1_firmware, Thinkpad_p15s_gen_1_firmware, Thinkpad_p15s_gen_2_firmware, Thinkpad_p15v_gen_1_firmware, Thinkpad_p17_gen_1_firmware, Thinkpad_p1_firmware, Thinkpad_p1_gen_2_firmware, Thinkpad_p1_gen_3_firmware, Thinkpad_p43s_firmware, Thinkpad_p50_firmware, Thinkpad_p50s_firmware, Thinkpad_p51_firmware, Thinkpad_p51s_firmware, Thinkpad_p52_firmware, Thinkpad_p52s_firmware, Thinkpad_p53_firmware, Thinkpad_p53s_firmware, Thinkpad_p70_firmware, Thinkpad_p71_firmware, Thinkpad_p72_firmware, Thinkpad_p73_firmware, Thinkpad_s2_gen_6_firmware, Thinkpad_s2_yoga_gen_6_firmware, Thinkpad_s540_firmware, Thinkpad_s5_2nd_gen_firmware, Thinkpad_t14_gen_1_firmware, Thinkpad_t14_gen_2_firmware, Thinkpad_t14s_firmware, Thinkpad_t14s_gen_2_firmware, Thinkpad_t15_firmware, Thinkpad_t15_gen_2_firmware, Thinkpad_t15g_gen_1_firmware, Thinkpad_t15p_gen_1_firmware, Thinkpad_t440p_firmware, Thinkpad_t460_firmware, Thinkpad_t460p_firmware, Thinkpad_t460s_firmware, Thinkpad_t470_firmware, Thinkpad_t470p_firmware, Thinkpad_t470s_firmware, Thinkpad_t480_firmware, Thinkpad_t480s_firmware, Thinkpad_t490_firmware, Thinkpad_t490s_firmware, Thinkpad_t550_firmware, Thinkpad_t560_firmware, Thinkpad_t570_firmware, Thinkpad_t580_firmware, Thinkpad_t590_firmware, Thinkpad_w550s_firmware, Thinkpad_x12_detachable_gen_1_firmware, Thinkpad_x13_gen_1_firmware, Thinkpad_x13_gen_2_firmware, Thinkpad_x13_yoga_gen_1_firmware, Thinkpad_x13_yoga_gen_2_firmware, Thinkpad_x1_carbon_3rd_gen_firmware, Thinkpad_x1_carbon_4th_gen_firmware, Thinkpad_x1_carbon_5th_gen_kabylake_firmware, Thinkpad_x1_carbon_5th_gen_skylake_firmware, Thinkpad_x1_carbon_gen_6_firmware, Thinkpad_x1_carbon_gen_7_firmware, Thinkpad_x1_carbon_gen_8_firmware, Thinkpad_x1_extreme_2nd_firmware, Thinkpad_x1_extreme_firmware, Thinkpad_x1_extreme_gen_3_firmware, Thinkpad_x1_fold_gen_1_firmware, Thinkpad_x1_nano_gen_1_firmware, Thinkpad_x1_tablet_firmware, Thinkpad_x1_tablet_gen_2_firmware, Thinkpad_x1_tablet_gen_3_firmware, Thinkpad_x1_titanium_firmware, Thinkpad_x1_yoga_1st_gen_firmware, Thinkpad_x1_yoga_3rd_gen_firmware, Thinkpad_x1_yoga_4th_gen_firmware, Thinkpad_x1_yoga_gen_5_firmware, Thinkpad_x250_firmware, Thinkpad_x260_firmware, Thinkpad_x270_firmware, Thinkpad_x280_firmware, Thinkpad_x380_yoga_firmware, Thinkpad_x390_firmware, Thinkpad_x390_yoga_firmware, Thinkpad_yoga_11e_3rd_gen_firmware, Thinkpad_yoga_11e_4th_gen_firmware, Thinkpad_yoga_11e_5th_gen_firmware, Thinkpad_yoga_15_firmware, Thinkpad_yoga_260_firmware, Thinkpad_yoga_370_firmware, V130\-15igm_firmware, V330\-15ikb_firmware, V330\-15isk_firmware
|
6.7
|
|
|
2021-11-12
|
CVE-2021-3718
|
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
|
Thinkpad_11e_3rd_gen_firmware, Thinkpad_11e_4th_gen_celeron_firmware, Thinkpad_11e_4th_gen_i3_firmware, Thinkpad_11e_4th_gen_i5_firmware, Thinkpad_11e_4th_gen_i7_firmware, Thinkpad_11e_5th_gen_firmware, Thinkpad_11e_yoga_gen_6_firmware, Thinkpad_13_gen_2_firmware, Thinkpad_e490_firmware, Thinkpad_e490s_firmware, Thinkpad_e590_firmware, Thinkpad_l13_firmware, Thinkpad_l13_gen_2_firmware, Thinkpad_l13_yoga_firmware, Thinkpad_l13_yoga_gen_2_firmware, Thinkpad_l14_firmware, Thinkpad_l14_gen_1_firmware, Thinkpad_l15_firmware, Thinkpad_l15_gen_1_firmware, Thinkpad_l380_firmware, Thinkpad_l380_yoga_firmware, Thinkpad_l390_firmware, Thinkpad_l390_yoga_firmware, Thinkpad_l490_firmware, Thinkpad_l590_firmware, Thinkpad_p43s_firmware, Thinkpad_p52_firmware, Thinkpad_p53s_firmware, Thinkpad_p72_firmware, Thinkpad_s2_gen_6_firmware, Thinkpad_s2_yoga_gen_6_firmware, Thinkpad_s5_2nd_gen_firmware, Thinkpad_t460_firmware, Thinkpad_t490_firmware, Thinkpad_t590_firmware, Thinkpad_x12_detachable_gen_1_firmware, Thinkpad_x260_firmware, Thinkpad_x380_yoga_firmware, Thinkpad_x390_yoga_firmware
|
4.6
|
|
|
2021-11-12
|
CVE-2021-3786
|
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.
|
Ideapad_s940\-14iwl_firmware, Ideapad_yoga_s940\-14iwl_firmware, Thinkpad_10_firmware, Thinkpad_11e_3rd_gen_firmware, Thinkpad_11e_4th_gen_firmware, Thinkpad_11e_yoga_gen_6_firmware, Thinkpad_13_gen_2_firmware, Thinkpad_25_firmware, Thinkpad_e14_firmware, Thinkpad_e14_gen_2_firmware, Thinkpad_e14_gen_3_firmware, Thinkpad_e15_firmware, Thinkpad_e15_gen_2_firmware, Thinkpad_e15_gen_3_firmware, Thinkpad_e470_firmware, Thinkpad_e480_firmware, Thinkpad_e490_firmware, Thinkpad_e570_firmware, Thinkpad_e580_firmware, Thinkpad_e590_firmware, Thinkpad_helix_firmware, Thinkpad_l13_firmware, Thinkpad_l13_gen_2_firmware, Thinkpad_l13_yoga_firmware, Thinkpad_l13_yoga_gen_2_firmware, Thinkpad_l14_firmware, Thinkpad_l15_firmware, Thinkpad_l15_gen_2_firmware, Thinkpad_l380_firmware, Thinkpad_l380_yoga_firmware, Thinkpad_l390_firmware, Thinkpad_l390_yoga_firmware, Thinkpad_l460_firmware, Thinkpad_l470_firmware, Thinkpad_l480_firmware, Thinkpad_l490_firmware, Thinkpad_l560_firmware, Thinkpad_l570_firmware, Thinkpad_l580_firmware, Thinkpad_l590_firmware, Thinkpad_p14s_gen_1_firmware, Thinkpad_p14s_gen_2_firmware, Thinkpad_p15_gen_1_firmware, Thinkpad_p15s_gen_1_firmware, Thinkpad_p15s_gen_2_firmware, Thinkpad_p15v_gen_1_firmware, Thinkpad_p17_gen_1_firmware, Thinkpad_p1_firmware, Thinkpad_p1_gen_2_firmware, Thinkpad_p1_gen_3_firmware, Thinkpad_p43s_firmware, Thinkpad_p50_firmware, Thinkpad_p50s_firmware, Thinkpad_p51_firmware, Thinkpad_p51s_firmware, Thinkpad_p52_firmware, Thinkpad_p52s_firmware, Thinkpad_p53_firmware, Thinkpad_p53s_firmware, Thinkpad_p70_firmware, Thinkpad_p71_firmware, Thinkpad_p72_firmware, Thinkpad_p73_firmware, Thinkpad_s2_gen_6_firmware, Thinkpad_s2_yoga_gen_6_firmware, Thinkpad_s540_firmware, Thinkpad_s5_2nd_gen_firmware, Thinkpad_t14_gen_1_firmware, Thinkpad_t14_gen_2_firmware, Thinkpad_t14s_firmware, Thinkpad_t14s_gen_2_firmware, Thinkpad_t15_firmware, Thinkpad_t15_gen_2_firmware, Thinkpad_t15g_gen_1_firmware, Thinkpad_t15p_gen_1_firmware, Thinkpad_t440p_firmware, Thinkpad_t460_firmware, Thinkpad_t460p_firmware, Thinkpad_t460s_firmware, Thinkpad_t470_firmware, Thinkpad_t470p_firmware, Thinkpad_t470s_firmware, Thinkpad_t480_firmware, Thinkpad_t480s_firmware, Thinkpad_t490_firmware, Thinkpad_t490s_firmware, Thinkpad_t550_firmware, Thinkpad_t560_firmware, Thinkpad_t570_firmware, Thinkpad_t580_firmware, Thinkpad_t590_firmware, Thinkpad_w550s_firmware, Thinkpad_x12_detachable_gen_1_firmware, Thinkpad_x13_gen_1_firmware, Thinkpad_x13_gen_2_firmware, Thinkpad_x13_yoga_gen_1_firmware, Thinkpad_x13_yoga_gen_2_firmware, Thinkpad_x1_carbon_3rd_gen_firmware, Thinkpad_x1_carbon_4th_gen_firmware, Thinkpad_x1_carbon_5th_gen_kabylake_firmware, Thinkpad_x1_carbon_5th_gen_skylake_firmware, Thinkpad_x1_carbon_gen_6_firmware, Thinkpad_x1_carbon_gen_7_firmware, Thinkpad_x1_carbon_gen_8_firmware, Thinkpad_x1_extreme_2nd_firmware, Thinkpad_x1_extreme_firmware, Thinkpad_x1_extreme_gen_3_firmware, Thinkpad_x1_fold_gen_1_firmware, Thinkpad_x1_nano_gen_1_firmware, Thinkpad_x1_tablet_firmware, Thinkpad_x1_tablet_gen_2_firmware, Thinkpad_x1_tablet_gen_3_firmware, Thinkpad_x1_titanium_firmware, Thinkpad_x1_yoga_1st_gen_firmware, Thinkpad_x1_yoga_3rd_gen_firmware, Thinkpad_x1_yoga_4th_gen_firmware, Thinkpad_x1_yoga_gen_5_firmware, Thinkpad_x250_firmware, Thinkpad_x260_firmware, Thinkpad_x270_firmware, Thinkpad_x280_firmware, Thinkpad_x380_yoga_firmware, Thinkpad_x390_firmware, Thinkpad_x390_yoga_firmware, Thinkpad_yoga_11e_3rd_gen_firmware, Thinkpad_yoga_11e_4th_gen_firmware, Thinkpad_yoga_11e_5th_gen_firmware, Thinkpad_yoga_15_firmware, Thinkpad_yoga_260_firmware, Thinkpad_yoga_370_firmware, V130\-15igm_firmware, V330\-15ikb_firmware, V330\-15isk_firmware
|
5.5
|
|
|
2021-11-12
|
CVE-2021-3843
|
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
|
Thinkpad_11e_3rd_gen_firmware, Thinkpad_11e_4th_gen_celeron_firmware, Thinkpad_11e_4th_gen_i3_firmware, Thinkpad_11e_4th_gen_i5_firmware, Thinkpad_11e_4th_gen_i7_firmware, Thinkpad_11e_5th_gen_firmware, Thinkpad_11e_yoga_gen_6_firmware, Thinkpad_13_gen_2_firmware, Thinkpad_l13_firmware, Thinkpad_l13_gen_2_firmware, Thinkpad_l13_yoga_firmware, Thinkpad_l13_yoga_gen_2_firmware, Thinkpad_l14_firmware, Thinkpad_l14_gen_1_firmware, Thinkpad_l15_firmware, Thinkpad_l15_gen_1_firmware, Thinkpad_l380_firmware, Thinkpad_l380_yoga_firmware, Thinkpad_l390_firmware, Thinkpad_l390_yoga_firmware, Thinkpad_s2_gen_6_firmware, Thinkpad_s2_yoga_gen_6_firmware, Thinkpad_s5_2nd_gen_firmware, Thinkpad_t460_firmware, Thinkpad_x12_detachable_gen_1_firmware, Thinkpad_x1_fold_gen_1_firmware, Thinkpad_x260_firmware, Thinkpad_x380_yoga_firmware, Thinkpad_x390_yoga_firmware
|
6.7
|
|
|
2023-08-17
|
CVE-2023-4029
|
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
|
K14_type_21cu_firmware, K14_type_21cv_firmware, Thinkpad_e14_gen_3_firmware, Thinkpad_e15_gen_3_firmware, Thinkpad_l13_gen_2_firmware, Thinkpad_l13_gen_3_firmware, Thinkpad_l13_gen_4_firmware, Thinkpad_l13_yoga_gen_2_firmware, Thinkpad_l13_yoga_gen_3_firmware, Thinkpad_l13_yoga_gen_4_firmware, Thinkpad_l14_gen_2_firmware, Thinkpad_l14_gen_3_firmware, Thinkpad_l14_gen_4_firmware, Thinkpad_l15_gen_2_firmware, Thinkpad_l15_gen_3_firmware, Thinkpad_l15_gen_4_firmware, Thinkpad_p14s_gen_2_firmware, Thinkpad_s2_gen_6_firmware, Thinkpad_s2_gen_7_firmware, Thinkpad_s2_gen_8_firmware, Thinkpad_s2_yoga_gen_6_firmware, Thinkpad_s2_yoga_gen_7_firmware, Thinkpad_s2_yoga_gen_8_firmware, Thinkpad_t14_gen_2_firmware, Thinkpad_t14s_gen_2_firmware, Thinkpad_x13_gen_2_firmware
|
6.7
|
|
|