Skip to main content

Lenovo BIOS Firmware CVE-2026-10590

| EUVDEUVD-2026-44982 MEDIUM
2026-07-16 lenovo GHSA-837q-rr3r-wp9q
6.7
CVSS 4.0 · Vendor: lenovo
Share

Severity by source

Vendor (lenovo) PRIMARY
6.7 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.0 MEDIUM

WMI-to-SMI invocation crosses the OS security boundary into SMM ring -2 (scope change); PR:H required as admin OS privileges are a hard prerequisite; no confidentiality or availability impact identified per vendor data.

3.1 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (lenovo).

CVSS VectorVendor: lenovo

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 17:21 vuln.today
CVE Published
Jul 16, 2026 - 16:50 cve.org
MEDIUM 6.7

DescriptionCVE.org

A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.

AnalysisAI

Lenovo BIOS firmware across dozens of consumer and gaming laptop models - Legion, IdeaPad, Yoga, ThinkBook, LOQ, and V-series - contains a missing authentication flaw in the WMI-to-SMI interface that permits a local privileged attacker to arbitrarily trigger System Management Interrupt handlers, enabling execution at the SMM firmware level below the operating system security boundary. No public exploit code has been identified at time of analysis, and CISA KEV listing is not confirmed. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local admin or SYSTEM-level privileges on affected Lenovo device
Delivery
Identify Lenovo BIOS WMI interface for SMI handler invocation
Exploit
Issue crafted WMI command to BIOS interface
Execution
Bypass missing authentication check in BIOS firmware
Persist
Trigger arbitrary SMI handler execution in System Management Mode
Impact
Manipulate firmware or persist below OS visibility

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to an affected Lenovo system with high OS-level privileges (PR:H per CVSS 4.0 vector - administrator or SYSTEM account), as the attack is executed by issuing WMI commands from within the operating system. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:H/UI:N with VC:N/VI:H/VA:N/SC:N/SI:N/SA:N) produces a score of 6.7, reflecting a meaningful integrity impact despite the stringent PR:H prerequisite. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A threat actor who has already escalated to administrator or SYSTEM-level privileges on an affected Lenovo laptop - via credential theft, local privilege escalation, or supply chain compromise - issues crafted WMI commands targeting the unauthenticated BIOS SMI invocation interface, triggering SMI handler execution in System Management Mode without BIOS credential verification. From SMM, the attacker can manipulate firmware behavior or implant a persistent bootkit that survives OS reinstallation and evades endpoint security tools. …
Remediation The primary fix is to apply updated BIOS firmware for each affected Lenovo model as specified in Lenovo security advisory LEN-220440, available at https://support.lenovo.com/us/en/product_security/LEN-220440; exact patched version numbers per model must be retrieved directly from that advisory as they are not derivable from the available input data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10590 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy