Skip to main content

Lenovo

299 CVEs vendor

Monthly

CVE-2026-58583 HIGH POC PATCH This Week

Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys version 1.0.7.2 lets a standard user map arbitrary physical memory via the \Device\PhysicalMemory object and gain kernel-level control. The flaw affects Lenovo systems shipping this signed color-management driver and is fixed in version 1.0.7.6. Publicly available exploit code exists; there is no public exploit identified as actively exploited (not in CISA KEV), though the vulnerability was reported by CISA (cisa-cg).

Privilege Escalation Lenovo Microsoft Color Management Driver
NVD GitHub VulDB
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-53348 PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions sdca_dev_unregister_functions() iterates over all SDCA function descriptors and calls sdca_dev_unregister() on each func_dev without checking for NULL. When a function registration has failed partway through, or the device cleanup races with probe deferral, func_dev entries may be NULL, leading to a kernel oops: BUG: kernel NULL pointer dereference, address: 0000000000000040 RIP: 0010:device_del+0x1e/0x3e0 Call Trace: sdca_dev_unregister_functions+0x37/0x60 [snd_soc_sdca] release_nodes+0x35/0xb0 devres_release_all+0x90/0x100 device_unbind_cleanup+0xe/0x80 device_release_driver_internal+0x1c1/0x200 bus_remove_device+0xc6/0x130 device_del+0x161/0x3e0 device_unregister+0x17/0x60 sdw_delete_slave+0xb6/0xd0 [soundwire_bus] sdw_bus_master_delete+0x1e/0x50 [soundwire_bus] ... sof_probe_work+0x19/0x30 [snd_sof] This was observed on a Lenovo ThinkPad X1 Carbon G14 (Panther Lake) with the SOF audio driver probe failing due to missing Panther Lake firmware, causing the subsequent cleanup of SoundWire devices to trigger the crash. Fix this with three changes: 1) Add a NULL guard in sdca_dev_unregister() so that callers do not need to pre-validate the pointer (defense in depth). 2) In sdca_dev_unregister_functions(), skip NULL func_dev entries and clear func_dev to NULL after unregistration, making the function idempotent and safe against double-invocation. 3) In sdca_dev_register_functions(), roll back all previously registered functions when a later one fails, so the function array is never left in a partially-populated state.

Linux Lenovo Denial Of Service
NVD VulDB
EPSS
0.1%
CVE-2026-53305 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's ps883x USB Type-C retimer driver causes a kernel Oops during device unbind, resulting in a denial of service. The ps883x_retimer_remove() function calls i2c_get_clientdata() to retrieve driver-private state, but i2c_set_clientdata() was never called during probe, leaving the pointer NULL; dereference at offset 0x20 triggers a fatal translation fault. Systems with ps883x retimer hardware running affected kernel versions are vulnerable when a privileged local user unbinds the driver via sysfs. No active exploitation is confirmed (no CISA KEV listing), and the EPSS score of 0.17% (6th percentile) reflects negligible real-world exploitation probability.

Linux Lenovo Denial Of Service Null Pointer Dereference
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-6090 HIGH PATCH This Week

Privilege escalation in Lenovo Smart Connect for Windows allows a local authenticated user to bypass authentication checks and execute arbitrary code with elevated privileges. The flaw stems from an authentication bypass weakness (CWE-290) in the Windows client and carries a CVSS 4.0 score of 7.3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Microsoft Authentication Bypass Lenovo
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-9045 HIGH PATCH This Week

Local privilege escalation in Lenovo Accessories and Display Manager for Enterprise on Windows allows an authenticated low-privileged user to execute arbitrary code with elevated privileges, per a Lenovo-disclosed internal finding (LEN-213623). The CVSS 4.0 base score of 8.5 reflects high impact to confidentiality, integrity, and availability of the vulnerable system, though no public exploit identified at time of analysis. The CWE-306 (Missing Authentication for Critical Function) classification combined with the 'Authentication Bypass' tag suggests a privileged operation in the product is reachable without proper access checks.

RCE Microsoft Authentication Bypass Lenovo
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-7516 MEDIUM PATCH This Month

Clipboard hijacking in Lenovo's built-in Android browser application allows a malicious website to silently overwrite system clipboard contents on affected devices. The vulnerability impacts Lenovo Android tablets distributed exclusively in the Chinese market, enabling a network-based attacker to manipulate clipboard data when a user visits a crafted website. No confirmed active exploitation (CISA KEV) or public exploit code has been identified at time of analysis; EPSS data was not provided in available intelligence.

Information Disclosure Google Lenovo
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-46055 HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's AppArmor LSM subsystem (security/apparmor/match.c) allows a local low-privileged user to trigger a KASAN slab-out-of-bounds read via the mount() syscall on kernels 7.0 through 7.0.3 and 7.1-rc1. The flaw stems from a missing string terminator that causes aa_dfa_match() to read past the end of an 8KB kmalloc buffer when processing mount path strings, resulting in potential information disclosure and system instability (denial of service). No public exploit identified at time of analysis, and EPSS probability is negligible at 0.02%.

Ubuntu Linux Lenovo Qualcomm Buffer Overflow
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-6282 HIGH PATCH This Week

Path traversal in Lenovo Personal Cloud Storage devices allows authenticated remote attackers to move or access files belonging to other users on the same device, enabling unauthorized data disclosure and modification across user boundaries. Affects multiple product lines including Personal Cloud (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S) and Home Storage Hub (T20, X20). CVSS 8.6 reflects high confidentiality and integrity impact with low attack complexity. No active exploitation confirmed in CISA KEV at time of analysis, and EPSS data not available for this 2026 CVE identifier.

Path Traversal Lenovo
NVD VulDB
CVSS 4.0
8.6
EPSS
0.1%
CVE-2026-6281 HIGH PATCH This Week

Remote command execution in Lenovo Personal Cloud Storage devices (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S, and Home Storage Hub T20/X20) allows authenticated users on the local network to execute arbitrary commands via OS command injection (CWE-78). The CVSS v4.0 score of 8.7 reflects complete system compromise potential (VC:H/VI:H/VA:H) through network attack with low complexity but requiring low-privilege authentication (AV:N/AC:L/PR:L). No evidence of active exploitation (not in CISA KEV) or public exploit code identified at time of analysis. Lenovo has issued advisories including end-of-life notices for certain models (T1), indicating some affected products may not receive patches.

Command Injection Lenovo
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-43381 MEDIUM PATCH This Month

Kernel crash (local denial of service) in the Linux nouveau NVIDIA GPU driver allows a local authenticated user to trigger a kernel WARNING and system instability by accessing the DisplayPort AUX channel (/dev/drm_dp_*) while the GPU is in runtime-suspended state. The driver fails to check device power state before invoking the GSP (GPU System Processor) firmware communication path, causing an unhandled condition in r535_gsp_msgq_wait. No public exploit exists and the EPSS score is 0.02% (7th percentile), but the vulnerability is notable in environments where fwupd or similar firmware tools interact with DP AUX interfaces on systems using the nouveau driver with runtime power management enabled.

Denial Of Service Lenovo Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71297 MEDIUM PATCH This Month

Kernel denial of service in rtw88 WiFi driver 8822b chipset allows local authenticated users to trigger a kernel WARNING and potential system instability by setting antenna configuration while the wireless chip is powered off, causing unexpected values when RF registers are read during power-down state.

Lenovo Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31587 HIGH PATCH This Week

Use-after-free in Linux kernel q6apm audio driver allows local authenticated attackers with low privileges to achieve arbitrary code execution, denial of service, or information disclosure with high impact to confidentiality, integrity, and availability. The flaw affects Qualcomm ASoC q6apm component registration code used in devices like Lenovo 21N2ZC5PUS laptops. Vendor-released patches are available across multiple kernel version branches (6.12.83, 6.18.24, 6.19.14, 7.0.1). EPSS score of 0.02% (5th percentile) indicates low probability of mass exploitation despite high CVSS 7.8, with no confirmed active exploitation or public POC identified at time of analysis.

Information Disclosure Lenovo Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-4145 HIGH PATCH This Week

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.

Lenovo RCE
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-4135 MEDIUM PATCH This Month

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges.

Information Disclosure Lenovo
NVD VulDB
CVSS 4.0
5.2
EPSS
0.0%
CVE-2026-4134 HIGH PATCH This Week

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.

Information Disclosure Lenovo
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-1636 MEDIUM PATCH This Month

A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.

Information Disclosure Lenovo
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-0827 MEDIUM PATCH This Month

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.

Information Disclosure Lenovo
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-1717 MEDIUM This Month

LenovoProductivitySystemAddin in Lenovo Vantage and Baiying contains an input validation flaw that enables local authenticated users to terminate arbitrary processes with elevated privileges. This medium-severity vulnerability (CVSS 6.8) requires local access and valid credentials but poses a significant availability risk. No patch is currently available.

Information Disclosure Lenovo
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-1716 MEDIUM This Month

Lenovo Vantage and Baiying DeviceSettingsSystemAddin contain an input validation flaw that allows authenticated local users to delete arbitrary registry keys with elevated privileges. This vulnerability affects systems where users have local access and could enable attackers to modify system configuration or disable security controls. No patch is currently available.

Information Disclosure Lenovo
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-1715 MEDIUM This Month

Lenovo Vantage and Baiying DeviceSettingsSystemAddin contains an input validation flaw that allows authenticated local users to modify arbitrary registry keys with system-level privileges. This vulnerability could enable privilege escalation or system configuration tampering by an attacker with local access. No patch is currently available.

Information Disclosure Lenovo
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-71108 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero.

Linux Lenovo Information Disclosure Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-8485 HIGH This Month

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation App Store
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-8421 MEDIUM This Month

An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-12048 HIGH This Month

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Lenovo
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-12047 MEDIUM This Month

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-10495 HIGH This Month

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo
NVD
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-11193 MEDIUM This Month

A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2023-53168 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: ucsi_acpi: Increase the command completion timeout Commit 130a96d698d7 ("usb: typec: ucsi: acpi: Increase command completion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Lenovo Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-53166 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25890: Fix external_power_changed race bq25890_charger_external_power_changed() dereferences bq->charger, which. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Lenovo Race Condition Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-9319 HIGH This Month

A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-9214 MEDIUM This Month

A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-9201 HIGH This Month

A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-8557 HIGH This Month

An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO). Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-8061 HIGH This Month

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated. Rated high severity (CVSS 7.3). No vendor patch available.

Lenovo Microsoft Information Disclosure Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-38647 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi The following assertion is triggered on the rtw89 driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Lenovo Linux Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-8098 HIGH This Month

An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Pcmanager
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-4371 HIGH This Month

A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Jwt Attack
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-2503 MEDIUM This Month

An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Pcmanager
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-2502 HIGH This Week

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2501 HIGH This Week

An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Pcmanager
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-37765 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dererencing a dangling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Canonical +5
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22020 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Denial Of Service Lenovo +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-22012 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21902 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49760 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlb_change_protection() Patch series "mm/hugetlb: uffd-wp fixes for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Lenovo Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21729 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Lenovo +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-49515 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defined. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Lenovo Linux Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-12673 HIGH This Week

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-21685 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Google Denial Of Service Lenovo +4
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-10254 MEDIUM Monitor

A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. Rated medium severity (CVSS 4.7). No vendor patch available.

Heap Overflow Lenovo Buffer Overflow
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-10253 MEDIUM Monitor

A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. Rated medium severity (CVSS 4.7). No vendor patch available.

Heap Overflow Lenovo Buffer Overflow
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-53194 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free of slot->bus on hot remove Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Lenovo Memory Corruption Denial Of Service +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50266 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs A recent change in the venus driver results in a stuck clock on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Lenovo Mozilla Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-50107 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses Commit 50c6dbdfd16e ("x86/ioremap: Improve. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Lenovo Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47683 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why] Encounter NULL pointer dereference uner mst + dsc setup. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service Amd Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-9046 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Starstudio
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-5474 MEDIUM This Month

A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Lenovo Dolby Vision Provisioning
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-4132 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Lock Screen
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4131 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Emulator
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4130 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo App Store
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4089 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Superfile
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33582 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33581 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33580 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33579 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33578 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46795 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Lenovo Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-46746 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: free driver_data after destroying hid device HID driver callbacks aren't called anymore once hid_destroy_device() has. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Lenovo Denial Of Service +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-4550 MEDIUM This Month

A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lenovo RCE
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-3100 MEDIUM This Month

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lenovo RCE
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-43911 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, link_data/link_conf are dynamically. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Lenovo Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-43889 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Lenovo Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-6004 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5210 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5209 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4782 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4781 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4763 HIGH This Week

An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-2175 HIGH This Week

An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4786 LOW Monitor

An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
2.8
EPSS
0.1%
CVE-2024-40975 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Lenovo Intel Information Disclosure Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-4696 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Command Injection Lenovo
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-36969 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service Amd Apple +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-3286 HIGH This Week

A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lenovo
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-26909 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Lenovo Memory Corruption Denial Of Service Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26836 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Lenovo Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23594 MEDIUM This Month

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Stack Overflow Lenovo Microsoft RCE
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-23593 MEDIUM This Month

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-27912 HIGH This Week

A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27911 HIGH This Week

A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 8.4
HIGH POC PATCH This Week

Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys version 1.0.7.2 lets a standard user map arbitrary physical memory via the \Device\PhysicalMemory object and gain kernel-level control. The flaw affects Lenovo systems shipping this signed color-management driver and is fixed in version 1.0.7.6. Publicly available exploit code exists; there is no public exploit identified as actively exploited (not in CISA KEV), though the vulnerability was reported by CISA (cisa-cg).

Privilege Escalation Lenovo Microsoft +1
NVD GitHub VulDB
EPSS 0%
PATCH Awaiting Data

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions sdca_dev_unregister_functions() iterates over all SDCA function descriptors and calls sdca_dev_unregister() on each func_dev without checking for NULL. When a function registration has failed partway through, or the device cleanup races with probe deferral, func_dev entries may be NULL, leading to a kernel oops: BUG: kernel NULL pointer dereference, address: 0000000000000040 RIP: 0010:device_del+0x1e/0x3e0 Call Trace: sdca_dev_unregister_functions+0x37/0x60 [snd_soc_sdca] release_nodes+0x35/0xb0 devres_release_all+0x90/0x100 device_unbind_cleanup+0xe/0x80 device_release_driver_internal+0x1c1/0x200 bus_remove_device+0xc6/0x130 device_del+0x161/0x3e0 device_unregister+0x17/0x60 sdw_delete_slave+0xb6/0xd0 [soundwire_bus] sdw_bus_master_delete+0x1e/0x50 [soundwire_bus] ... sof_probe_work+0x19/0x30 [snd_sof] This was observed on a Lenovo ThinkPad X1 Carbon G14 (Panther Lake) with the SOF audio driver probe failing due to missing Panther Lake firmware, causing the subsequent cleanup of SoundWire devices to trigger the crash. Fix this with three changes: 1) Add a NULL guard in sdca_dev_unregister() so that callers do not need to pre-validate the pointer (defense in depth). 2) In sdca_dev_unregister_functions(), skip NULL func_dev entries and clear func_dev to NULL after unregistration, making the function idempotent and safe against double-invocation. 3) In sdca_dev_register_functions(), roll back all previously registered functions when a later one fails, so the function array is never left in a partially-populated state.

Linux Lenovo Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's ps883x USB Type-C retimer driver causes a kernel Oops during device unbind, resulting in a denial of service. The ps883x_retimer_remove() function calls i2c_get_clientdata() to retrieve driver-private state, but i2c_set_clientdata() was never called during probe, leaving the pointer NULL; dereference at offset 0x20 triggers a fatal translation fault. Systems with ps883x retimer hardware running affected kernel versions are vulnerable when a privileged local user unbinds the driver via sysfs. No active exploitation is confirmed (no CISA KEV listing), and the EPSS score of 0.17% (6th percentile) reflects negligible real-world exploitation probability.

Linux Lenovo Denial Of Service +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Privilege escalation in Lenovo Smart Connect for Windows allows a local authenticated user to bypass authentication checks and execute arbitrary code with elevated privileges. The flaw stems from an authentication bypass weakness (CWE-290) in the Windows client and carries a CVSS 4.0 score of 7.3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation in Lenovo Accessories and Display Manager for Enterprise on Windows allows an authenticated low-privileged user to execute arbitrary code with elevated privileges, per a Lenovo-disclosed internal finding (LEN-213623). The CVSS 4.0 base score of 8.5 reflects high impact to confidentiality, integrity, and availability of the vulnerable system, though no public exploit identified at time of analysis. The CWE-306 (Missing Authentication for Critical Function) classification combined with the 'Authentication Bypass' tag suggests a privileged operation in the product is reachable without proper access checks.

RCE Microsoft Authentication Bypass +1
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Clipboard hijacking in Lenovo's built-in Android browser application allows a malicious website to silently overwrite system clipboard contents on affected devices. The vulnerability impacts Lenovo Android tablets distributed exclusively in the Chinese market, enabling a network-based attacker to manipulate clipboard data when a user visits a crafted website. No confirmed active exploitation (CISA KEV) or public exploit code has been identified at time of analysis; EPSS data was not provided in available intelligence.

Information Disclosure Google Lenovo
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in the Linux kernel's AppArmor LSM subsystem (security/apparmor/match.c) allows a local low-privileged user to trigger a KASAN slab-out-of-bounds read via the mount() syscall on kernels 7.0 through 7.0.3 and 7.1-rc1. The flaw stems from a missing string terminator that causes aa_dfa_match() to read past the end of an 8KB kmalloc buffer when processing mount path strings, resulting in potential information disclosure and system instability (denial of service). No public exploit identified at time of analysis, and EPSS probability is negligible at 0.02%.

Ubuntu Linux Lenovo +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Path traversal in Lenovo Personal Cloud Storage devices allows authenticated remote attackers to move or access files belonging to other users on the same device, enabling unauthorized data disclosure and modification across user boundaries. Affects multiple product lines including Personal Cloud (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S) and Home Storage Hub (T20, X20). CVSS 8.6 reflects high confidentiality and integrity impact with low attack complexity. No active exploitation confirmed in CISA KEV at time of analysis, and EPSS data not available for this 2026 CVE identifier.

Path Traversal Lenovo
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote command execution in Lenovo Personal Cloud Storage devices (T1, T2, T2S, T2Pro, X1, X1S, A1, A1S, and Home Storage Hub T20/X20) allows authenticated users on the local network to execute arbitrary commands via OS command injection (CWE-78). The CVSS v4.0 score of 8.7 reflects complete system compromise potential (VC:H/VI:H/VA:H) through network attack with low complexity but requiring low-privilege authentication (AV:N/AC:L/PR:L). No evidence of active exploitation (not in CISA KEV) or public exploit code identified at time of analysis. Lenovo has issued advisories including end-of-life notices for certain models (T1), indicating some affected products may not receive patches.

Command Injection Lenovo
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel crash (local denial of service) in the Linux nouveau NVIDIA GPU driver allows a local authenticated user to trigger a kernel WARNING and system instability by accessing the DisplayPort AUX channel (/dev/drm_dp_*) while the GPU is in runtime-suspended state. The driver fails to check device power state before invoking the GSP (GPU System Processor) firmware communication path, causing an unhandled condition in r535_gsp_msgq_wait. No public exploit exists and the EPSS score is 0.02% (7th percentile), but the vulnerability is notable in environments where fwupd or similar firmware tools interact with DP AUX interfaces on systems using the nouveau driver with runtime power management enabled.

Denial Of Service Lenovo Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel denial of service in rtw88 WiFi driver 8822b chipset allows local authenticated users to trigger a kernel WARNING and potential system instability by setting antenna configuration while the wireless chip is powered off, causing unexpected values when RF registers are read during power-down state.

Lenovo Information Disclosure Linux +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel q6apm audio driver allows local authenticated attackers with low privileges to achieve arbitrary code execution, denial of service, or information disclosure with high impact to confidentiality, integrity, and availability. The flaw affects Qualcomm ASoC q6apm component registration code used in devices like Lenovo 21N2ZC5PUS laptops. Vendor-released patches are available across multiple kernel version branches (6.12.83, 6.18.24, 6.19.14, 7.0.1). EPSS score of 0.02% (5th percentile) indicates low probability of mass exploitation despite high CVSS 7.8, with no confirmed active exploitation or public POC identified at time of analysis.

Information Disclosure Lenovo Linux +2
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.

Lenovo RCE
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges.

Information Disclosure Lenovo
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

LenovoProductivitySystemAddin in Lenovo Vantage and Baiying contains an input validation flaw that enables local authenticated users to terminate arbitrary processes with elevated privileges. This medium-severity vulnerability (CVSS 6.8) requires local access and valid credentials but poses a significant availability risk. No patch is currently available.

Information Disclosure Lenovo
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Lenovo Vantage and Baiying DeviceSettingsSystemAddin contain an input validation flaw that allows authenticated local users to delete arbitrary registry keys with elevated privileges. This vulnerability affects systems where users have local access and could enable attackers to modify system configuration or disable security controls. No patch is currently available.

Information Disclosure Lenovo
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Lenovo Vantage and Baiying DeviceSettingsSystemAddin contains an input validation flaw that allows authenticated local users to modify arbitrary registry keys with system-level privileges. This vulnerability could enable privilege escalation or system configuration tampering by an attacker with local access. No patch is currently available.

Information Disclosure Lenovo
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero.

Linux Lenovo Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.0
HIGH This Month

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation App Store
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation
NVD
EPSS 0% CVSS 7.7
HIGH This Month

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Lenovo
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 7.7
HIGH This Month

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: ucsi_acpi: Increase the command completion timeout Commit 130a96d698d7 ("usb: typec: ucsi: acpi: Increase command completion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +4
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25890: Fix external_power_changed race bq25890_charger_external_power_changed() dereferences bq->charger, which. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Lenovo +4
NVD
EPSS 0% CVSS 7.5
HIGH This Month

A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
EPSS 0% CVSS 8.5
HIGH This Month

A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure
NVD
EPSS 0% CVSS 8.7
HIGH This Month

An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO). Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
EPSS 0% CVSS 7.3
HIGH This Month

A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated. Rated high severity (CVSS 7.3). No vendor patch available.

Lenovo Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi The following assertion is triggered on the rtw89 driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Lenovo Linux +3
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Month

An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation Pcmanager
NVD
EPSS 0% CVSS 7.0
HIGH This Month

A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Jwt Attack
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Pcmanager
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Pcmanager
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dererencing a dangling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlb_change_protection() Patch series "mm/hugetlb: uffd-wp fixes for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Lenovo +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux +5
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defined. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Lenovo +4
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race The yt2_1380_fc_serdev_probe() function calls. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Google +6
NVD
EPSS 0% CVSS 4.7
MEDIUM Monitor

A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. Rated medium severity (CVSS 4.7). No vendor patch available.

Heap Overflow Lenovo Buffer Overflow
NVD
EPSS 0% CVSS 4.7
MEDIUM Monitor

A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. Rated medium severity (CVSS 4.7). No vendor patch available.

Heap Overflow Lenovo Buffer Overflow
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free of slot->bus on hot remove Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Lenovo +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs A recent change in the venus driver results in a stuck clock on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Lenovo +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses Commit 50c6dbdfd16e ("x86/ioremap: Improve. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Lenovo +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why] Encounter NULL pointer dereference uner mst + dsc setup. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Starstudio
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Lenovo +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Lock Screen
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Emulator
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo App Store
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Superfile
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Lenovo Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: free driver_data after destroying hid device HID driver callbacks aren't called anymore once hid_destroy_device() has. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lenovo +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lenovo +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, link_data/link_conf are dynamically. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Lenovo Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Lenovo Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
EPSS 0% CVSS 2.8
LOW Monitor

An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Lenovo Intel +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Command Injection Lenovo
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lenovo
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Lenovo Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Lenovo Linux +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Stack Overflow Lenovo +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy