Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
WMI-to-SMI invocation crosses the OS security boundary into SMM ring -2 (scope change); PR:H required as admin OS privileges are a hard prerequisite; no confidentiality or availability impact identified per vendor data.
Primary rating from Vendor (lenovo).
CVSS VectorVendor: lenovo
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.
AnalysisAI
Lenovo BIOS firmware across dozens of consumer and gaming laptop models - Legion, IdeaPad, Yoga, ThinkBook, LOQ, and V-series - contains a missing authentication flaw in the WMI-to-SMI interface that permits a local privileged attacker to arbitrarily trigger System Management Interrupt handlers, enabling execution at the SMM firmware level below the operating system security boundary. No public exploit code has been identified at time of analysis, and CISA KEV listing is not confirmed. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to an affected Lenovo system with high OS-level privileges (PR:H per CVSS 4.0 vector - administrator or SYSTEM account), as the attack is executed by issuing WMI commands from within the operating system. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:H/UI:N with VC:N/VI:H/VA:N/SC:N/SI:N/SA:N) produces a score of 6.7, reflecting a meaningful integrity impact despite the stringent PR:H prerequisite. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A threat actor who has already escalated to administrator or SYSTEM-level privileges on an affected Lenovo laptop - via credential theft, local privilege escalation, or supply chain compromise - issues crafted WMI commands targeting the unauthenticated BIOS SMI invocation interface, triggering SMI handler execution in System Management Mode without BIOS credential verification. From SMM, the attacker can manipulate firmware behavior or implant a persistent bootkit that survives OS reinstallation and evades endpoint security tools. … |
| Remediation | The primary fix is to apply updated BIOS firmware for each affected Lenovo model as specified in Lenovo security advisory LEN-220440, available at https://support.lenovo.com/us/en/product_security/LEN-220440; exact patched version numbers per model must be retrieved directly from that advisory as they are not derivable from the available input data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Yoga Pro 7 15Iph11 Bios
View allOut-of-bounds write in Lenovo BIOS firmware across dozens of consumer and gaming laptop models enables a local attacker
Out-of-bounds write in Lenovo BIOS firmware across dozens of consumer and gaming laptop models enables a local privilege
SMM memory address disclosure in Lenovo laptop BIOS firmware exposes the location of protected System Management Mode (S
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44982
GHSA-837q-rr3r-wp9q