CVE-2023-5078
https://notcve.org/view.php?id=CVE-2023-5078
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. Se informó una vulnerabilidad en algunos BIOS de ThinkPad que podría permitir que un atacante físico o local con privilegios elevados altere el firmware del BIOS. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-665: Improper Initialization CWE-1419: Incorrect Initialization of Resource •
CVE-2022-48189
https://notcve.org/view.php?id=CVE-2022-48189
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. Una vulnerabilidad de validación de entrada del controlador SMM en el BIOS de algunos modelos ThinkPad podría permitir que un atacante con acceso local y privilegios elevados ejecute código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-20: Improper Input Validation •
CVE-2023-2290
https://notcve.org/view.php?id=CVE-2023-2290
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-40134
https://notcve.org/view.php?id=CVE-2022-40134
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVE-2021-3843
https://notcve.org/view.php?id=CVE-2021-3843
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Una posible vulnerabilidad en la función SMI para acceder a la EEPROM en algunos modelos de ThinkPad puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario • https://support.lenovo.com/us/en/product_security/LEN-72619 • CWE-20: Improper Input Validation •