CVE-2022-48189
https://notcve.org/view.php?id=CVE-2022-48189
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. Una vulnerabilidad de validación de entrada del controlador SMM en el BIOS de algunos modelos ThinkPad podría permitir que un atacante con acceso local y privilegios elevados ejecute código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-20: Improper Input Validation •
CVE-2023-4029
https://notcve.org/view.php?id=CVE-2023-4029
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Se ha identificado un desbordamiento de búfer en el controlador BoardUpdateAcpiDxe de algunos productos ThinkPad de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-134879 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-2290
https://notcve.org/view.php?id=CVE-2023-2290
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-106014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-3786
https://notcve.org/view.php?id=CVE-2021-3786
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. Una vulnerabilidad potencial en la función SMI callback usada en la configuración de CSME de algunos sistemas Lenovo Notebook y ThinkPad podría ser usada para filtrar datos fuera del rango de la SMRAM • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-20: Improper Input Validation •
CVE-2021-3599
https://notcve.org/view.php?id=CVE-2021-3599
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Una posible vulnerabilidad en la función SMI callback usada para acceder al dispositivo flash en algunos modelos de ThinkPad puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario • https://support.lenovo.com/us/en/product_security/LEN-67440 • CWE-20: Improper Input Validation •