Skip to main content

Thinkpad S2 Gen 6 Firmware

5 CVEs product

Monthly

CVE-2023-4029 MEDIUM This Month

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo K14 Type 21Cu Firmware K14 Type 21Cv Firmware +24
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-3843 MEDIUM This Month

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Thinkpad 11E 3Rd Gen Firmware Thinkpad 11E 4Th Gen I3 Firmware Thinkpad 11E 4Th Gen I7 Firmware Thinkpad 11E 4Th Gen I5 Firmware +25
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-3786 MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Lenovo Information Disclosure Thinkpad X380 Yoga Firmware Thinkpad X1 Fold Gen 1 Firmware Thinkpad Yoga 260 Firmware +130
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3718 MEDIUM This Month

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Thinkpad 11E 3Rd Gen Firmware Thinkpad 11E 4Th Gen I3 Firmware Thinkpad 11E 4Th Gen I7 Firmware Thinkpad 11E 4Th Gen I5 Firmware +35
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-3599 MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Thinkpad X380 Yoga Firmware Thinkpad X1 Fold Gen 1 Firmware Thinkpad Yoga 260 Firmware Thinkpad Yoga 11E 3Rd Gen Firmware +129
NVD
CVSS 3.1
6.7
EPSS
0.3%
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo +26
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Thinkpad 11E 3Rd Gen Firmware Thinkpad 11E 4Th Gen I3 Firmware +27
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Lenovo Information Disclosure Thinkpad X380 Yoga Firmware +132
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Thinkpad 11E 3Rd Gen Firmware Thinkpad 11E 4Th Gen I3 Firmware +37
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Thinkpad X380 Yoga Firmware Thinkpad X1 Fold Gen 1 Firmware +131
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy