Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local-only vector, high privileges mandatory to access BIOS SMM interface; sole impact is confidentiality via SMRAM address disclosure.
Primary rating from Vendor (lenovo).
CVSS VectorVendor: lenovo
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.
AnalysisAI
SMM memory address disclosure in Lenovo laptop BIOS firmware exposes the location of protected System Management Mode (SMRAM) regions to a local privileged attacker. Dozens of Lenovo consumer, gaming, and business laptop product lines are affected across IdeaPad, Legion, Yoga, ThinkBook, LOQ, and V-series models. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires physical or logical local access to an affected Lenovo laptop with a vulnerable BIOS version, and the attacker must already hold high operating-system privileges (administrator on Windows or root on Linux), consistent with CVSS PR:H. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 6.7 (Medium) is consistent with the attack profile: local access and high privileges (PR:H) are mandatory, meaning an attacker must already have administrative or root-level OS control before this vulnerability can be leveraged. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already obtained administrator or root-level access on a Lenovo laptop (via credential theft, privilege escalation exploit, or malicious insider) uses this vulnerability to query or observe SMRAM base addresses through a vulnerable BIOS interface. With the SMRAM layout now known, the attacker can defeat firmware-level ASLR and target specific SMM handler code locations in a follow-on SMM exploitation attempt to implant a persistent firmware rootkit that survives OS reinstallation. … |
| Remediation | The primary remediation is to apply the BIOS firmware update for the affected device, as directed by Lenovo security advisory LEN-220440 (https://support.lenovo.com/us/en/product_security/LEN-220440). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Yoga Pro 7 15Iph11 Bios
View allOut-of-bounds write in Lenovo BIOS firmware across dozens of consumer and gaming laptop models enables a local attacker
Out-of-bounds write in Lenovo BIOS firmware across dozens of consumer and gaming laptop models enables a local privilege
Lenovo BIOS firmware across dozens of consumer and gaming laptop models - Legion, IdeaPad, Yoga, ThinkBook, LOQ, and V-s
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44980
GHSA-vr8x-qg62-cfwr