Filtered by vendor Lenovo
Subscriptions
Filtered by product Thinkpad X1 Fold Gen 1 Firmware
Subscriptions
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4574 | 1 Lenovo | 108 Thinkpad L14, Thinkpad L14 Firmware, Thinkpad L14 Gen 2 and 105 more | 2024-09-09 | 6.7 Medium |
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2022-4573 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2024-09-06 | 6.7 Medium |
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2021-3843 | 1 Lenovo | 59 Thinkpad 11e 3rd Gen, Thinkpad 11e 3rd Gen Firmware, Thinkpad 11e 4th Gen Celeron and 56 more | 2024-08-03 | 6.7 Medium |
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2021-3786 | 1 Lenovo | 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more | 2024-08-03 | 4.4 Medium |
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. | ||||
CVE-2021-3599 | 1 Lenovo | 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more | 2024-08-03 | 6.7 Medium |
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
CVE-2022-1108 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2024-08-02 | 6.7 Medium |
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. |
Page 1 of 1.