VYPR

Thinkpad 13e BIOS

by Lenovo

CVEs (14)

  • CVE-2017-3756HigAug 18, 2017
    risk 0.51cvss 7.8epss 0.00

    A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

  • CVE-2016-8222MedNov 30, 2016
    risk 0.29cvss 4.4epss 0.00

    A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow…

  • CVE-2026-0940Mar 11, 2026
    risk 0.00cvss epss 0.00

    A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.

  • CVE-2023-5078Nov 8, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.

  • CVE-2022-4575Oct 30, 2023
    risk 0.00cvss epss 0.00

    A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

  • CVE-2022-48189Oct 30, 2023
    risk 0.00cvss epss 0.00

    An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2022-4574Oct 30, 2023
    risk 0.00cvss epss 0.00

    An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  

  • CVE-2022-1108Apr 22, 2022
    risk 0.00cvss epss 0.00

    A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2022-1107Apr 22, 2022
    risk 0.00cvss epss 0.00

    During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

  • CVE-2021-3843Nov 12, 2021
    risk 0.00cvss epss 0.00

    A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2021-3718Nov 12, 2021
    risk 0.00cvss epss 0.00

    A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.

  • CVE-2021-3599Nov 12, 2021
    risk 0.00cvss epss 0.00

    A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2021-3452Jul 16, 2021
    risk 0.00cvss epss 0.00

    A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

  • CVE-2020-8335Sep 1, 2020
    risk 0.00cvss epss 0.00

    The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may…