CVE-2024-7756
https://notcve.org/view.php?id=CVE-2024-7756
A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-489: Active Debug Code •
CVE-2023-25494
https://notcve.org/view.php?id=CVE-2023-25494
A potential vulnerability were reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una vulnerabilidad potencial en el BIOS de algunos productos de escritorio, Smart Edge y ThinkStation que podría permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read •
CVE-2023-25493
https://notcve.org/view.php?id=CVE-2023-25493
A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. Se informó una vulnerabilidad potencial en el controlador de la herramienta de actualización del BIOS para algunos productos Desktop, Smart Edge, Smart Office y ThinkStation que podría permitir a un usuario local con privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVE-2023-5912
https://notcve.org/view.php?id=CVE-2023-5912
A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una posible vulnerabilidad de pérdida de memoria en algunos productos portátiles Lenovo que puede permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-155477 • CWE-787: Out-of-bounds Write •
CVE-2021-3452
https://notcve.org/view.php?id=CVE-2021-3452
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Una potencial vulnerabilidad en la función shutdown SMI callback del sistema en algunos modelos ThinkPad, puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario • https://support.lenovo.com/us/en/product_security/LEN-65529 • CWE-20: Improper Input Validation •