VYPR

BIOS

by Lenovo

CVEs (33)

  • CVE-2021-3453Jul 16, 2021
    risk 0.00cvss epss 0.00

    Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

  • CVE-2020-8352Nov 11, 2020
    risk 0.00cvss epss 0.00

    In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.

  • CVE-2020-8354Nov 11, 2020
    risk 0.00cvss epss 0.00

    A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

  • CVE-2020-8333Sep 24, 2020
    risk 0.00cvss epss 0.00

    A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

  • CVE-2020-8336Jun 9, 2020
    risk 0.00cvss epss 0.00

    Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

  • CVE-2020-8334Jun 9, 2020
    risk 0.00cvss epss 0.00

    The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.

  • CVE-2020-8323Jun 9, 2020
    risk 0.00cvss epss 0.00

    A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

  • CVE-2020-8322Jun 9, 2020
    risk 0.00cvss epss 0.00

    A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

  • CVE-2020-8321Jun 9, 2020
    risk 0.00cvss epss 0.00

    A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

  • CVE-2020-8320Jun 9, 2020
    risk 0.00cvss epss 0.00

    An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

  • CVE-2019-6190Feb 14, 2020
    risk 0.00cvss epss 0.00

    Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.

  • CVE-2019-6171Aug 19, 2019
    risk 0.00cvss epss 0.00

    A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

  • CVE-2019-6156Apr 10, 2019
    risk 0.00cvss epss 0.00

    In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in…

Page 2 of 2