BIOS
by Lenovo
CVEs (33)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3453 |  |  | 0.00 | — | 0.00 |  | Jul 16, 2021 | Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. |
| CVE-2020-8352 |  |  | 0.00 | — | 0.00 |  | Nov 11, 2020 | In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. |
| CVE-2020-8354 |  |  | 0.00 | — | 0.00 |  | Nov 11, 2020 | A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. |
| CVE-2020-8333 |  |  | 0.00 | — | 0.00 |  | Sep 24, 2020 | A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. |
| CVE-2020-8336 |  |  | 0.00 | — | 0.00 |  | Jun 9, 2020 | Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. |
| CVE-2020-8334 |  |  | 0.00 | — | 0.00 |  | Jun 9, 2020 | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access. |
| CVE-2020-8323 |  |  | 0.00 | — | 0.00 |  | Jun 9, 2020 | A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. |
| CVE-2020-8322 |  |  | 0.00 | — | 0.00 |  | Jun 9, 2020 | A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. |
| CVE-2020-8321 |  |  | 0.00 | — | 0.00 |  | Jun 9, 2020 | A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. |
| CVE-2020-8320 |  |  | 0.00 | — | 0.00 |  | Jun 9, 2020 | An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. |
| CVE-2019-6190 |  |  | 0.00 | — | 0.00 |  | Feb 14, 2020 | Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled. |
| CVE-2019-6171 |  |  | 0.00 | — | 0.00 |  | Aug 19, 2019 | A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. |
| CVE-2019-6156 |  |  | 0.00 | — | 0.00 |  | Apr 10, 2019 | In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in… |