CVE-2022-48188
https://notcve.org/view.php?id=CVE-2022-48188
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-124495 • CWE-787: Out-of-bounds Write •
CVE-2022-48181
https://notcve.org/view.php?id=CVE-2022-48181
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-124495 • CWE-787: Out-of-bounds Write •
CVE-2020-8353
https://notcve.org/view.php?id=CVE-2020-8353
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. Antes del 10 de agosto de 2020, algunos sistemas Lenovo Desktop y Workstation se enviaron con la funcionalidad Embedded Host Based Configuration (EHBC) de Intel AMT habilitada. Esto podría permitir a un usuario administrativo acceso local para configurar Intel AMT • https://support.lenovo.com/us/en/product_security/LEN-44725 • CWE-16: Configuration •
CVE-2019-6190
https://notcve.org/view.php?id=CVE-2019-6190
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. Lenovo fue notificado de una potencial vulnerabilidad de denegación de servicio, que afecta a varias versiones de la BIOS para Lenovo Desktop, Desktop - All in One y ThinkStation, lo que podría causar que los PCR sean borrados de forma intermitente después de reanudar el modo de suspensión (S3) en sistemas con Intel TXT habilitado. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176178 https://support.lenovo.com/us/en/product_security/LEN-28078 • CWE-665: Improper Initialization •
CVE-2019-6188 – ThinkPad T460p and T470p BIOS Tamper Mechanism
https://notcve.org/view.php?id=CVE-2019-6188
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. El mecanismo de detección de manipulación del BIOS no se activó en Lenovo ThinkPad T460p, versiones de BIOS hasta R07ET90W, y T470p, versiones de BIOS hasta R0FET50W, lo que puede permitir el acceso no autorizado. • https://support.lenovo.com/us/en/product_security/LEN-27714 •