Skip to main content

Lenovo BIOS EUVDEUVD-2026-44980

| CVE-2026-10588 MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-07-16 lenovo GHSA-vr8x-qg62-cfwr
6.7
CVSS 4.0 · Vendor: lenovo
Share

Severity by source

Vendor (lenovo) PRIMARY
6.7 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.4 MEDIUM

Local-only vector, high privileges mandatory to access BIOS SMM interface; sole impact is confidentiality via SMRAM address disclosure.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (lenovo).

CVSS VectorVendor: lenovo

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 17:19 vuln.today
CVE Published
Jul 16, 2026 - 16:49 cve.org
MEDIUM 6.7

DescriptionCVE.org

A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.

AnalysisAI

SMM memory address disclosure in Lenovo laptop BIOS firmware exposes the location of protected System Management Mode (SMRAM) regions to a local privileged attacker. Dozens of Lenovo consumer, gaming, and business laptop product lines are affected across IdeaPad, Legion, Yoga, ThinkBook, LOQ, and V-series models. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local admin/root on target Lenovo laptop
Delivery
Query vulnerable BIOS interface to leak SMRAM address
Exploit
Record protected SMM memory layout
Execution
Use disclosed address to defeat firmware ASLR
Impact
Target SMM handler for follow-on firmware exploit

Vulnerability AssessmentAI

Exploitation Exploitation requires physical or logical local access to an affected Lenovo laptop with a vulnerable BIOS version, and the attacker must already hold high operating-system privileges (administrator on Windows or root on Linux), consistent with CVSS PR:H. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.7 (Medium) is consistent with the attack profile: local access and high privileges (PR:H) are mandatory, meaning an attacker must already have administrative or root-level OS control before this vulnerability can be leveraged. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already obtained administrator or root-level access on a Lenovo laptop (via credential theft, privilege escalation exploit, or malicious insider) uses this vulnerability to query or observe SMRAM base addresses through a vulnerable BIOS interface. With the SMRAM layout now known, the attacker can defeat firmware-level ASLR and target specific SMM handler code locations in a follow-on SMM exploitation attempt to implant a persistent firmware rootkit that survives OS reinstallation. …
Remediation The primary remediation is to apply the BIOS firmware update for the affected device, as directed by Lenovo security advisory LEN-220440 (https://support.lenovo.com/us/en/product_security/LEN-220440). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44980 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy