CVSS: 6.7EPSS: 0%CPEs: 128EXPL: 0CVE-2023-45079
https://notcve.org/view.php?id=CVE-2023-45079
08 Nov 2023 — A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una vulnerabilidad de pérdida de memoria en el controlador SMM NvmramSmm que puede permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 128EXPL: 0CVE-2023-45078
https://notcve.org/view.php?id=CVE-2023-45078
08 Nov 2023 — A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una vulnerabilidad de pérdida de memoria en el controlador SMM DustFilterAlertSmm que puede permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 128EXPL: 0CVE-2023-45077
https://notcve.org/view.php?id=CVE-2023-45077
08 Nov 2023 — A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una vulnerabilidad de pérdida de memoria en el controlador DXE 534D0740 que puede permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 128EXPL: 0CVE-2023-45076
https://notcve.org/view.php?id=CVE-2023-45076
08 Nov 2023 — A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una vulnerabilidad de pérdida de memoria en el controlador DXE 534D0140 que puede permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 128EXPL: 0CVE-2023-45075
https://notcve.org/view.php?id=CVE-2023-45075
08 Nov 2023 — A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Se informó una vulnerabilidad de pérdida de memoria en el controlador SWSMI_Shadow DXE que puede permitir que un atacante local con privilegios elevados escriba en variables NVRAM. • https://support.lenovo.com/us/en/product_security/LEN-141775 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 300EXPL: 0CVE-2022-40136
https://notcve.org/view.php?id=CVE-2022-40136
30 Jan 2023 — An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 278EXPL: 0CVE-2022-40135
https://notcve.org/view.php?id=CVE-2022-40135
30 Jan 2023 — An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. • https://support.lenovo.com/us/en/product_security/LEN-94953 • CWE-125: Out-of-bounds Read •
CVSS: 6.9EPSS: 0%CPEs: 128EXPL: 0CVE-2021-3519
https://notcve.org/view.php?id=CVE-2021-3519
12 Nov 2021 — A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Se ha informado de una vulnerabilidad en algunos modelos de ordenadores de sobremesa de Lenovo que podía permitir el acceso no autorizado al menú de arranque, cuando la configuración de la BIOS "BIOS Password At Boot Device List" es Sí • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-287: Improper Authentication •