VYPR

Thinkpad

by Lenovo

CVEs (31)

  • CVE-2017-3756HigAug 18, 2017
    risk 0.51cvss 7.8epss 0.00

    A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

  • CVE-2025-10238MedJun 10, 2026
    risk 0.44cvss 6.7epss 0.00

    During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).

  • CVE-2025-10237MedJun 10, 2026
    risk 0.44cvss 6.7epss 0.00

    During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.

  • CVE-2024-7756MedSep 13, 2024
    risk 0.44cvss 6.8epss 0.00

    A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell.

  • CVE-2018-9062MedJul 19, 2018
    risk 0.44cvss 6.8epss 0.01

    In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

  • CVE-2016-8222MedNov 30, 2016
    risk 0.29cvss 4.4epss 0.00

    A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow…

  • CVE-2026-0940Mar 11, 2026
    risk 0.00cvss epss 0.00

    A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.

  • CVE-2022-4575Oct 30, 2023
    risk 0.00cvss epss 0.00

    A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

  • CVE-2022-48189Oct 30, 2023
    risk 0.00cvss epss 0.00

    An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2022-4574Oct 30, 2023
    risk 0.00cvss epss 0.00

    An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  

  • CVE-2023-4030Aug 17, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

  • CVE-2023-4029Aug 17, 2023
    risk 0.00cvss epss 0.00

    A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2023-2290Jun 26, 2023
    risk 0.00cvss epss 0.00

    A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2022-48181Jun 5, 2023
    risk 0.00cvss epss 0.00

    An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

  • CVE-2022-4435Jan 5, 2023
    risk 0.00cvss epss 0.00

    A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

  • CVE-2022-4434Jan 5, 2023
    risk 0.00cvss epss 0.00

    A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.

  • CVE-2022-4433Jan 5, 2023
    risk 0.00cvss epss 0.00

    A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

  • CVE-2022-4432Jan 5, 2023
    risk 0.00cvss epss 0.00

    A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

  • CVE-2022-1107Apr 22, 2022
    risk 0.00cvss epss 0.00

    During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

  • CVE-2021-3843Nov 12, 2021
    risk 0.00cvss epss 0.00

    A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Page 1 of 2