A flaw in the embedded controller firmware of many Lenovo ThinkPad laptops allows a privileged local user to read or write arbitrary privileged memory regions. This capability can be used to extract confidential data or modify firmware, potentially leading to privilege escalation or arbitrary code execution on the device. The weakness is classified as CWE‑327, a broken or risky cryptographic mechanism flaw in the firmware.

Affected and listed by Lenovo are ThinkPad L13, L14, L15, L16, P1, P14s, P15v, P16, P17, P73, S2 Yoga Gen 8, S2 Yoga Gen 6 (China Only), T14 Gen 3/5, T14s Gen 3‑6, T15, T15g, T15p, T16 Gen 3/4, X1 2‑in‑1 Gen 9/10, X1 Carbon 13th Gen, X1 Extreme 2nd‑4th Gen, X1 Fold 16 Gen 1, X1 Fold Gen 1, X1 Nano Gen 1‑3, X1 Titanium, X1 Yoga 4th‑8th Gen, X12 Detachable Gen 1/2, X13 Gen 2‑6 (all variants), X13 Yoga 1‑4, X390, X390 Yoga, X9‑14 Gen 1, Z16 Gen 1/2, ThinkPad S2 Gen 7, ThinkPad S2 Yoga Gen 6 (China Only).

The CVSS score of 8.4 indicates a high severity vulnerability. EPSS data is not available, and the vulnerability is not currently listed in CISA’s Known Exploited Vulnerabilities catalog. Attackers would need local elevated privileges on the ThinkPad, which could be obtained through legitimate administrative accounts or via physical access. Once achieved, they can read or write privileged memory, potentially enabling firmware tampering and further compromise. No public exploit is documented, but the technical feasibility and high impact warrant prompt remediation.